Understanding Malvertising Attacks

Uploaded on 2023-08-14 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, INTELLIGENCE--International, FREE TO VIEW

A common theme in cybersecurity recently has been the increasing innovation of attack methods.

We have witnessed an uptick in the use of highly evasive threat techniques designed to enable threats actors to bypass traditional security tools - from secure web gateways and firewalls to phishing detection tools and malware analysis engines.  

Malvertising is a particularly interesting and often complex attack technique used by attackers where malicious code is embedded into online and banner ads, videos, and other forms of digital advertising after successfully compromising third party servers. If someone then clicks on a compromised ad, they could either be redirected to spoofed websites created using social engineering tactics, or malware is downloaded directly onto their device. 

The aim is to execute malware on a user’s endpoint. If this is achieved, a range of malicious activities can be carried out – from changing, deleting, or leaking data on the dark web, to redirecting internet traffic to malicious websites, and developing backdoor routes to vital network systems.  

Capitalising On Lack Of Awareness

We are predicting a spike in malvertising campaigns during the latter half of 2023 with the emergence of image generators such as DALL.E and Midjourney, and AI tools like ChatGPT, which threat actors can use to create convincing malvertising campaigns that users are often unaware of. 

In a recent survey, Menlo Security found that 70% of respondents were unaware that endpoint devices could be infected with malware through clicking on a brand logo. This is despite the fact that the vast majority of people admit they click on advertisements online ‘to some extent’.

Almost half of our sample (48%) were unaware that they could be infected by clicking on social media ads, while one in four were oblivious to the potential threats posed by pop-ups and banners. This compares to other more high profile threats like phishing, with around three-quarters of respondents aware they can be infected by malware when they click on an email link.

It can be difficult for users and publishers to identify the difference between what ads are genuine and which are malicious, especially when both serve consumers through legitimate advertising networks. It’s estimated that around one in 100 online ads is malicious at present.

Even the most credible brands and websites are not immune to malvertising. A recent study by Menlo Security revealed that Microsoft, Facebook, and Amazon were the top three most impersonated brands by malicious threat actors attempting to steal personal or confidential data.

Best Practice For Combatting Malvertising 

The opportunity for threat actors is on the rise. Unlike email-based attacks and other methods, many of us are not aware that digital ads can be leveraged as a highly convincing attack vector.

Given the threats, it’s important that users online follow best practice in order to combat this threat. 

1.    Check the brand logo:   It’s important to look closely at the brand logo. Is it squashed, pixilated or stretched? Are the colours odd? These could be signs an advert is not legitimate. 

2.    Check the URL:   By scanning over the ad (but not clicking) the URL will appear. This allows users to check for any anomalies – threat actors may just change one or two characters, but these can always be spotted on close inspection.

3.    Do not assume credible websites are safe:   Credible websites are likely to have higher ad vetting processes, but this does not mean they are immune to malvertising. The same rules apply – always be cautious when clicking on ads.

4.    Beware of calls to action:   While marketers are more interested in gather data surrounding impressions and conversions, attackers will be pushier. Any ad asking to ‘buy now’ or ‘click here’ should be treated with extreme caution. 

5.    Beware of redirects:   Any new ad you click on is likely to take you to a new website with lower vetting procedures than the one before. You are only three to seven clicks away from malware online, so the more ads you click on, the higher chance you have of encountering malware.

The lack of malvertising awareness combined with greater and easier access to AI tools and image generators provides the perfect cocktail for even relatively inexperienced threat actors to exploit.

We expect an uptick in these types of attacks over the coming months so it’s important that organisations and end users get ahead of the game now. 

Tom McVey is Senior Sales Engineer EMEA at Menlo Security

You Might Also Read: 

Malvertising Proliferates As Half Of Online Ads Are Now AI Generated:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Embracing The Passwordless Future
DORA: Compliance With The EU Digital Resilience Act »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.