IT Security

What is Malvertising?


Malicious advertising is referred to as “malvertising.” Malvertising is a cyberattack technique that injects malicious code within digital ads. These cyberattacks are difficult to detect because the ads are often delivered to consumers through legitimate advertising networks. Because the ads are displayed to all visitors to a website, they are particularly harmful: every page viewer is put at risk of infection. A malvertising attack typically begins by breaching a third-party server, allowing cyberattackers to inject malicious code into a display ad, banner ad copy, imagery, video content, or some other related ad element. Once a website visitor clicks on the ad, the underlying malicious code can install malware or adware on that user’s device and can redirect the user to a malicious website, where the cyberattackers use spoofing or social engineering techniques to advance their cyberattack. Malvertising cyberattacks may also execute exploit kits, which are forms of malware designed to scan systems and exploit any vulnerabilities or weaknesses that are discovered.

Malware delivered via malvertising cyberattacks can damage files, redirect internet traffic, monitor users’ activity, access sensitive data, and set up backdoor access points to the system.¹ The sensitive data accessed by the cyberattacker can be deleted, modified, leaked, copied, sold, or held for ransom. Other malvertising cyberattacks can be carried out by executing a “drive-by download,” in which a browser vulnerability allows infected files to be installed on the system while the user is passively viewing an ad; by forcing browser redirects to malicious sites; or by executing JavaScript or Flash to display malvertising content.

Examples of malvertising include:

Angler Exploit Kit. This drive-by download redirected visitors to a malicious website where an exploit kit was able to exploit vulnerabilities in common web extensions such as Adobe Flash, Microsoft Silverlight, and Oracle Java.

RoughTed. This malvertising cyberattack circumvented ad-blockers and anti-virus solutions through a complex ad exchange network and Amazon’s cloud infrastructure and Content Delivery Network (CDN).

KS Clean. This malvertising cyberattack placed malicious advertisements in mobile apps where, when downloaded, they triggered in-app notifications alerting the user to security issues and prompting them to upgrade the app. Once a user agreed to the upgrade, the malicious software installation process was completed and the cyberattackers were granted administrative privileges to the user’s mobile device.

Malvertising cyberattacks are difficult to detect and to avoid, but the following tips can help reduce your risk of falling victim to these cyberattacks:

  • Ensure software, extensions, and browsers are updated
  • Use antivirus software and ad blockers; ensure they are updated
  • Avoid using Flash or Java or allowing these programs to run automatically
  • Only work with trusted, reputable online advertising vendors
  • Beware of ads with misspellings, irrelevant content, unprofessional designs, and promises of miraculous cures or discounts
  • If you see a compelling ad, search for the company in another window rather than clicking on the ad

¹ CrowdStrike, 2021, “What is Malvertising?”