Malvertising, is that even a word?
This isn’t some cutesy Celebrity couple’s name, instead it is when Malware is delivered through the use of online advertising, hence the name “Malvertising”. This is a fan favorite among attackers because it can spread malware through legitimate websites without having to compromise the actual site.
How do they pull this off?
We have all seen the ads over to one side while visiting our favorite sites. These ads are not hosted directly on that site’s servers. Instead it belongs to an online advertising company that pays companies to let them place ads on our favorite sites. The way malvertising works is the attacker injects malicious code into online advertising networks, which means they only have to compromise that company in order to get their malware plastered across all these other legitimate sites. Using this method also helps the attackers get around firewalls that may be configured to block known malware sites or sites with a low reputation.
Let me give you an example:
Big Louie’s Online Marketing has made deals with WXYZNews.com, BigWholeSale.com and SocialPage.com to have their ads displayed on these sites. H4cker_b0B finds a way into Big Louie’s and inserts his malware into the online ads. Shopper Suzie visits WXYZNews.com and she can’t believe the deal she could get on these beautiful shoes and decides to click the ad. Let’s hope her security is better than Big Louie’s!
What if I don’t click the Ads?
Sadly, not all of these malvertisements have to rely on you clicking the ad, and use something called Drive-by-downloads. This has become one of the most preferred methods because they don’t have to rely on you clicking anything. In a nutshell, this method uses exploit kits that scan each visitor’s web browser and plugins for vulnerabilities that will allow the download to proceed without user interaction. Once the Exploit kit finds one the download begins.
Is there anyway to prevent this?
Since Malvertising is a delivery method, one of the best ways to tackle this is to make sure you have controls in place to help protect against the actual malware.
These controls include but are not limited to:
- Keeping your systems updated and perform audits to verify it is being done.
- Deploy Endpoint protection and make sure it also stays updated.
- Some NextGen Firewalls have a feature to block ads and if yours does not then deploy a browser add-on like Adblock Plus.
- Use Browser Add-ons like NoScript or ScriptSafe that prevent unsafe scripts from running on your system.
- Deploy 2 different Web Browsers. One to be used as the primary with all plugins disabled and a secondary that only has plugins essential to your business’s specific needs.
- Make sure your employees are aware of this and know who to contact if something looks suspicious.
The Wrap up!
Malvertising sounds made up but it is very real. Don’t just assume that you are protected against this just because you haven’t been affected yet, you could be compromised right now and not know it. Check with your Security Professionals to make sure you are as protected as you can be.