Malvertising Targets Your Online Users

Uploaded on 2017-04-21 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Before clicking an online ad, make sure your users think twice. Malicious advertising, more commonly known as Malvertising, has been popping up everywhere.

Some of the most popular websites, such as Huffington Post, eBay, Forbes and Yahoo, at one point or another have unwittingly hosted malicious ads.

Malvertising is designed to spread malware when a user clicks on an ad. If a virus, worm, Trojan or some other type of malware like ransomware gets into your network through malicious advertising, it could disrupt your business for hours or days or longer or abscond with your valuable data.

Malvertising is tough to identify. Malware authors hijack legitimate online advertising systems to insert their own malware-filled ads into websites. Anytime malware is hidden inside a legitimate application, it’s much harder to detect.

That explains why Malvertising has become a $1 billion cyber-criminal enterprise. It’s easy to trick users to click, and it doesn’t cost much to create the fake ads. It costs less than $1 per 1,000 targeted users to create a malicious ad.

Clicking on a malicious ad can lead to the types of damage common to malware infections – stolen data, altered files, identity theft and financial loss. In some cases, it can turn your machine into a bot to propagate malware or execute a DDoS (distributed denial of service) attack.

That’s bad enough of course, but Malvertising delivers the added bonus of also hurting advertisers and the publishers they pay to run the ads. As explained by Forbes: “Lost ad dollars starve digital publishers of much-needed revenue and marketers of money intended to drive sales. Both phenomena result in diminished economic output and employment.” Malvertising is responsible for more than $200 million in lost ad revenue.

How Malvertising Works

Malvertising spreads infections in a couple of ways, tricking users into clicking an ad or pop-up warning and drive-by downloads. With ads, users are redirected to a website hosting malicious code instead of the advertiser’s site.

The first with pop-up warnings, for example, a fake alert about a computer infection appears on your screen. The alert contains a link to download the “fix.”

The second Malvertising method requires no work on the user’s part. A machine gets infected through a drive-by download when a user visits a site with malicious ads. Drive-by downloads are imperceptible to the user and install malware that causes disruption or steals valuable information.

Protect Your Business

Because Malvertising disguises itself as legitimate ads or pop-up warnings, it creates a challenge for businesses to prevent users from infecting their machines. But there are steps you can take to minimize the threat.

One obvious step, which applies in all cyber-security situations, is to always update all business systems and software. Outdated applications, plugins and operation systems often have vulnerabilities that cyber-criminals can easily exploit. Be sure to also update your browsers regularly and take advantage of built-in security features such as pop-up blockers and malware protection.

Lastly, you should implement a comprehensive, up-to-date endpoint security solution with built-in behavior analysis. Advanced analysis features can flag suspicious code by looking for traits often found in malware.

As we’ve explored in earlier blogs about exploits, phishing, mobile threats and browser security, small businesses have to secure their businesses on many fronts. Malvertising is one of many cyber threats your business has to contend with.

By taking these security steps, you boost your chances of avoiding a Malvertising hit.

VipreAntivirus:

You Might Also Read: 

Malicious Ads Expose Millions To Hacking:

Brand Reputation Includes Cyber Safety:

 

« Cyber-Workforce Shortage to Increase
Facebook & Google Are Killing Newspapers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

InterSources

InterSources

InterSources is a trusted partner, leading the way in Cloud Security, Cybersecurity, PLG Consulting, Digital Transformation, and Professional Services.