How Malvertising Works

  • Tuesday, 5th July, 2022
  • 13:10pm

Malvertising, or malicious advertising, is a relatively new cyberattack technique that injects malicious code into digital ads. Difficult for both internet users and publishers to detect, these infected ads are usually served to consumers through legitimate advertising networks. Because ads are displayed to all website visitors, virtually every page viewer is at risk of infection.

Malicious actors hide a small piece of code deep within a legitimate-looking advertisement, which directs the user’s machine to a malicious or compromised server. When the user’s machine successfully connects to the server, an exploit kit hosted on that server executes. An exploit kit is a type of malware that evaluates a system, determines what vulnerabilities exist on it, and exploits one of them. From there, the malicious actor can install malware by using the security bypass created by the exploit kit. The additional software could allow the attacker to perform a number of actions, including gaining full access to the computer, exfiltrating financial or sensitive information, locking the system and holding it for ransom via ransomware, or adding the system to a botnet so it can be used to perform additional attacks. This entire process occurs behind the scenes, out of sight of the user and without any interaction from the user.

While it is difficult to prevent infection from a malvertisement, users can take steps to reduce their risk:

1. Ensure that all software and extensions, including web browsers, are up to date.
2. Install antivirus software and ad blockers to reduce the risk of running a malicious advertisement.
3. Avoid using Flash and Java or allowing these programs to run automatically when surfing the web.

Publishers have a responsibility to protect their visitors from malvertisements. Steps they can take include:

1. Thoroughly evaluate third-party ad networks that will be responsible for selecting, vetting and running ads.
2. Scan ad creative intended for display to discover malware or unwanted code.
3. Avoid the use of JavaScript or Flash in ads.
4. Engage a trusted cybersecurity partner to offer customized recommendations based on the organization’s digital advertising activity.
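
One way a publisher could automate steps 2 and 3 before a creative goes live is sketched below. This is an added example, not part of the original article: the allowlisted host, the rule names and both sample creatives are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the publisher has approved for static ad assets.
ALLOWED_HOSTS = {"cdn.adnetwork.example"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"src", "href", "data", "action", "formaction"}
RISKY_SCHEMES = {"javascript", "vbscript", "data"}  # conservative: data: is flagged too

# Constructed sample creatives (not taken from any real ad).
CLEAN = ('<a href="https://cdn.adnetwork.example/landing">'
         '<img src="https://cdn.adnetwork.example/banner.png" alt="Sale"></a>')
FLAGGED = ('<div onclick="track()"><script src="//static.unknown.example/a.js">'
           '</script><object data="promo.swf"></object></div>')


class CreativeScanner(HTMLParser):
    """Collects (rule, detail) findings for one ad creative's HTML markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:  # step 3: no script or plugin content in ads
            self.findings.append(("active-tag", tag))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):  # inline handlers such as onclick/onload
                self.findings.append(("event-handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS:
                self._check_url(tag, name, value)
            if name in ("src", "data") and value.lower().split("?")[0].endswith(".swf"):
                self.findings.append(("flash", value))

    def _check_url(self, tag, name, value):
        # Browsers ignore tabs and newlines inside a URL, so drop them first.
        cleaned = "".join(ch for ch in value if ch not in "\t\r\n")
        parsed = urlparse(cleaned)
        if parsed.scheme.lower() in RISKY_SCHEMES:
            self.findings.append(("risky-scheme", f"{tag}[{name}]"))
        elif parsed.hostname and parsed.hostname.lower() not in ALLOWED_HOSTS:
            self.findings.append(("unapproved-host", parsed.hostname.lower()))


def scan_creative(markup):
    """Return the list of findings; an empty list means nothing was flagged."""
    scanner = CreativeScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings
```

A static check like this only covers markup the publisher actually receives; creatives that an ad network assembles at serve time still depend on the vetting in step 1.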
