The very real danger of malvertising
Malvertising has been identified as one of the main cyber security threats in 2017, but what exactly is it and how can it put you at risk?
Malvertising, or malicious advertising, is the use of online advertising to spread malware. It involves embedding malware-laden advertisements into legitimate online advertising platforms and websites.
Whilst the cyber security industry highlights staff awareness and training as one of the main imperatives in the layered defence strategies that businesses should adopt, malvertising represents a significant threat because falling victim requires no user interaction other than simply browsing the internet. In many instances it is not necessary to actually click on the advertisement or a pop-up; merely visiting the site can lead to infection.
Cyber criminals will often buy advertising on platforms and post malicious advertisements. However, the issue becomes infinitely more troublesome when malvertising lives on reputable websites, as has been seen this year with websites such as the BBC, the New York Times, MSN and Spotify being impacted.
If malvertising is the attack of choice for the cybercriminal, the actual malware to be delivered can be wide-ranging: spyware or key loggers, for example. However, it is estimated that 70% of malvertising campaigns are designed to deliver ransomware. The increase in the number of variants of ransomware and the sophistication of these attacks means that this combination is a major threat.
So, what can you do to avoid becoming a victim of malvertising? It has to be said that unless you completely abandon the internet there will continue to be a risk that you will be exposed to infected sites, but the following steps are worth actioning:
- Try to practise safe browsing. It won’t protect you from malvertising hidden on reputable websites, but avoid clicking pop-ups, ads for unbelievable offers or advertisements that you weren’t expecting to see. If you want to visit a site, go to it from a search rather than an ad.
- Browser plug-ins can be a major vulnerability. Uninstall browser plug-ins you don’t use and make the rest click-to-play, allowing you to decide if you want a plug-in to run.
- Keep your software and operating system updated and patched. Malvertising is looking for vulnerabilities that can be exploited.
- Ad blockers will filter out some of the malvertising threat. However, you need to be aware that most websites survive on advertising revenue, so they will limit access if an ad blocker is detected and will request you to disable it.
- Install anti-exploit security software that will monitor browser and plug-in activity and block exploits looking to take advantage of any vulnerabilities.