Imagine browsing one of your favorite sites and seeing what looks like the perfect online ad showcasing the latest widget you were thinking about buying. Sounds harmless, right? But what if that ad was really a malicious cyber attack?
This tactic is known to security professionals as ‘malvertising.’ Cyber-criminals use online advertising to spread malware by injecting malicious ads, often through hidden iframes, into online ad networks or webpages.
Malvertising has been a problem for CIOs and CSOs for a few years now, and 2015 stands to be no different, as highlighted in the Cisco Annual Security Report for 2015. Unfortunately, the infamous “Kyle and Stan” network was a very good example of this. The malvertising network placed malware on popular, high-traffic sites such as youtube.com, ads.yahoo.com, and amazon.com.
Malvertising creators are putting online advertising networks back on their heels by using those networks to deliver malware. One trick malicious actors love to use is purchasing blocks of remaining ad inventory at the last minute, hoping no one will have time for a thorough investigation. They’ll even serve up malware-free ads before flipping the switch.
So how can CIOs and CSOs protect their employees, devices, and networks when tracing the source of malvertising agents? Here are some considerations for getting started in protecting against malvertising:
- Know your security vendor(s): Your vendor’s team must be robust and responsive. Their products need to be up to date against the latest outside threats as soon as they are discovered, in real time. Their protective measures need to be in place before, during, and after an attack.
- Advanced malware protection solutions are well suited for blocking and detecting malware. They provide continuous monitoring and go beyond point-in-time scanning methods.
- Strong web security devices will prevent access to websites associated with malvertising campaigns.
- The network security protection of intrusion prevention systems and NGFWs will also block attacks introduced via malvertising.
- Reduce Attack Surfaces: Using ad blockers and popup blockers will filter out potentially malicious advertising. Also, to limit the abundance of vulnerable apps and the appearance of ads on corporate endpoints, commonly targeted apps like Adobe and Java should be kept up to date. Minimizing outdated plug-ins reduces the attack surface these programs offer. Restricting access to these apps, or blocking them completely, may need to be considered.