Malvertising: a threat in disguise

malwareMalware disguised as advertising is becoming increasingly common. RiskIQ announced at Black Hat USA 2015, that the first 6 months of 2015 has seen a 50% rise in malvertisment cases compared to 2014.

What makes malvertising particularly dangerous to innocent browsers, and appealing to hackers, is the fact it doesn’t even have to be clicked on to be activated. Other malwares require a click or an installation to initiate, but with advertising the users can fall victim to a drive-by download by simply visiting the website on which the advert is hosted.

Worryingly, even trusted and well known websites aren’t safe from malvertisments. The way malware works is that it doesn’t exploit any vulnerabilities or weaknesses on the hosting website, instead it is operated via third-party channels. This means that malvertisments are able to pose as genuine banner adverts on websites that you visit every day. The most recent website to fall victim was the search engine giant, Yahoo.

The nature of online marketing, with banner advertisements, means that hackers can target anybody specifically with their traps. Through analysing users website usage data, hackers are able to identify who would be most profitable to attack.

Although no clicks are needed, the malware does require a weakness or vulnerability on the user’s computer in order to ‘leap’ onto their system. Gaps in the users Adobe or Java software acts as an unlocked back door, allowing the malware to sneak into their computer undetected.

The fact that cyber criminals are willing to invest considerable sums of money into online advertising is a sign of the huge amounts of profit that can be made.

To help defend yourself from malvertising, adequate malware protection software is essential. Keeping your protection software updated will also make your computer harder to attack. Software such as AVG and Norton remain the best line of defence against malware.

80% of cyber attacks are preventable with simple cyber security controls, according to the government. For more advice on defending against malware, do not hesitate to contact us.