Malvertising Targets Your Online Users
Before clicking an online ad, make sure your users think twice. Malicious advertising, more commonly known as Malvertising, has been popping up everywhere.
Some of the most popular websites, such as Huffington Post, eBay, Forbes and Yahoo, at one point or another have unwittingly hosted malicious ads.
Malvertising is designed to spread malware when a user clicks on an ad. If a virus, worm, Trojan or some other type of malware like ransomware gets into your network through malicious advertising, it could disrupt your business for hours, days or longer, or abscond with your valuable data.
Malvertising is tough to identify. Malware authors hijack legitimate online advertising systems to insert their own malware-filled ads into websites. Anytime malware is hidden inside a legitimate application, it’s much harder to detect.
That explains why Malvertising has become a $1 billion cyber-criminal enterprise. It’s easy to trick users into clicking, and it doesn’t cost much to create the fake ads. It costs less than $1 per 1,000 targeted users to create a malicious ad.
Clicking on a malicious ad can lead to the types of damage common to malware infections – stolen data, altered files, identity theft and financial loss. In some cases, it can turn your machine into a bot to propagate malware or execute a DDoS (distributed denial of service) attack.
That’s bad enough of course, but Malvertising delivers the added bonus of also hurting advertisers and the publishers they pay to run the ads. As explained by Forbes: “Lost ad dollars starve digital publishers of much-needed revenue and marketers of money intended to drive sales. Both phenomena result in diminished economic output and employment.” Malvertising is responsible for more than $200 million in lost ad revenue.
How Malvertising Works
Malvertising spreads infections in a couple of ways: tricking users into clicking an ad or pop-up warning, and drive-by downloads. With ads, users are redirected to a website hosting malicious code instead of the advertiser’s site.
The first method relies on a click. With pop-up warnings, for example, a fake alert about a computer infection appears on your screen. The alert contains a link to download the “fix.”
The second Malvertising method requires no work on the user’s part. A machine gets infected through a drive-by download when a user visits a site with malicious ads. Drive-by downloads are imperceptible to the user and install malware that causes disruption or steals valuable information.
Protect Your Business
Because Malvertising disguises itself as legitimate ads or pop-up warnings, it creates a challenge for businesses to prevent users from infecting their machines. But there are steps you can take to minimize the threat.
One obvious step, which applies in all cyber-security situations, is to always update all business systems and software. Outdated applications, plugins and operating systems often have vulnerabilities that cyber-criminals can easily exploit. Be sure to also update your browsers regularly and take advantage of built-in security features such as pop-up blockers and malware protection.
Lastly, you should implement a comprehensive, up-to-date endpoint security solution with built-in behavior analysis. Advanced analysis features can flag suspicious code by looking for traits often found in malware.
As we’ve explored in earlier blogs about exploits, phishing, mobile threats and browser security, small businesses have to secure their businesses on many fronts. Malvertising is one of many cyber threats your business has to contend with.
By taking these security steps, you boost your chances of avoiding a Malvertising hit.