In late 2015, Cyphort reported that malvertising had increased by 325% since the previous year. Malvertisements are ads that can infect a user’s computer when the user clicks on them. Malvertising is becoming more of a threat to users every day; the attacks are relatively easy to implement, requiring attackers only to pay for ad space in order to attach malware to the ad. As with phishing emails, malvertisers attempt to trick users into infecting their own computers.
Malvertisement campaigns can be as dangerous as other forms of social engineering. Malicious ads can reach thousands of users in a short time. Even when malicious ads are taken down within 24 to 48 hours after they’re discovered, they can infect up to hundreds of thousands of users. This was the case with a large malvertising campaign last month that hit high-profile entertainment, news, and sports sites, including MSN, New York Times, BBC, AOL, Xfinity, NFL, and others. The campaign affected thousands of users in the first 24 hours.
Ad networks offer an easy way for attackers to customize their malicious ads. Ad networks give companies the freedom to configure ads to appear only when users use keywords or phrases in their searches. Attackers may want to cast a wide net and attempt to scare users into clicking on ads. For example, a pop-up may appear warning users of malware on their computer and offering to uninstall it; once the user clicks on the malicious ad, they unknowingly install the malware themselves.
Attackers may also wish to go after high-value targets such as executives who are traveling to a conference. The malicious ad could be configured to appear when executives or their assistants search for hotel rates or flights. These ads may entice users to click on them by offering cheaper rates or promotions.
The main challenge users face with malvertising is that malicious ads are indistinguishable from legitimate ones. Becoming a victim of a malvertising campaign is as easy as one click. Here are a few tips to help avoid malicious ads:
In the massive campaign last month, malvertisements served up Angler exploit kits. This type of malware looks for vulnerabilities in browsers and browser plugins such as Adobe Flash. Upon finding a vulnerability, the malware then exploits it. An easy fix for users is to keep browsers and plugins up to date. Updated browsers are less likely to become infected in the first place.
Antivirus programs are not foolproof, but they can add another layer of defense against malicious ads. Antivirus programs can prevent most malware from installing and can also uninstall most malware that infects a computer.
Ad blockers can help users by taking all advertisements out of the equation. This way, users won’t have to deal with ads at all. The only caveat is that ad blockers don’t block malware; they simply block all ads regardless of whether they are legitimate or malicious. Some sites are maintained through ad revenue, and these sites may ask users to turn off ad blockers in order to enter. The workaround when using an ad blocker is to whitelist trusted sites.
Lastly, users can look for lock icons that precede the URL in the search bar of their browser. Some browsers such as Mozilla and Chrome warn users of mixed content. When a secure HTTPS webpage pulls content from non-secure HTTP sources, Chrome, Mozilla, and other browsers will warn users that the site is safe but the content on the site may not be. Malicious ads fall under the mixed content umbrella. Users can safeguard themselves by visiting sites that do not have mixed content on them.
Mozilla warns users with one of three lock icons: a green lock with a grey warning over it, a grey lock with a red slash through it, and a grey lock with a yellow warning triangle over it. For more details on what each of Mozilla's security indicators means, click here.
Chrome warns users with a grey lock icon with a yellow triangle over it. For more information on Chrome’s mixed content warnings, click here.
Users don’t have to be security experts to protect themselves from malware infections. Using a layered security approach will help users stay safe.