8/25/2015
01:05 PM
Dark Reading

Cyphort Labs Issues Special Report on the Rise in Malvertising Cyber Attacks

Cyphort Researchers Find Malvertising Campaigns Increased 325 Percent Through Early 2015

Santa Clara, CA: August 25, 2015 – Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, today released a special report, ‘The Rise of Malvertising,’ that looks into the practices used by cyber criminals to inject malicious advertisements into legitimate online advertising networks. Cyphort researchers found that malvertising campaigns carried out by hackers increased 325 percent in the past year.

Earlier this year, Cyphort Labs discovered a compromise of the AOL Ad-Network that led to major websites such as HuffingtonPost.com, FHM.com and LAWeekly.com being infected with malware. In fact, Cyphort’s researchers began detecting malvertising campaigns on HuffingtonPost.com in early 2015.

How Does Malvertising Occur?

Malvertising campaigns start when cyber criminals launch attacks through deceit or by infecting the ad supply chain, including ad networks, ad exchanges and ad servers. Oftentimes, the hackers will put legitimate ads on trustworthy web sites to build up support. They are basically trying to trick the network by appearing legitimate. Once trust is built, the hacker inserts malicious code or spyware behind the ad on a limited basis, just long enough for malware to be launched. Malware is then unknowingly incorporated into web pages through a corrupt or malicious ad. Consumers are the most direct victims, as their computers and the files they contain are infected by simply clicking on a malicious ad or, in some cases, by simply going to a site they visit frequently.

“Cyber criminals always look for the least point of resistance when attacking networks, making malvertising campaigns an enticing way for them to commit fraud and steal proprietary information from unsuspecting corporations,” said Dr. Fengmin Gong, Cyphort’s co-founder and chief strategy officer. “By issuing this newest report, Cyphort hopes that companies and end users will walk away with a better understanding of malvertising, how it occurs, its pervasiveness and what can be done to prevent it.”

The problem of malvertising isn’t going away, and cyber criminals will continue finding ways to monetize their attacks. According to the Association of National Advertisers, ad-fraud will cost global advertisers more than $6 billion in 2015. Cyphort believes this number will continue to skyrocket in the coming years. Much like advertisers, site publishers can be blamed for malvertising attacks. If a user is infected, chances are he or she will have second thoughts about returning to the site.

Combating Malvertising Attacks

Malvertising attacks will likely only increase throughout 2015 and into 2016. Cyber criminals looking to carry out malvertising attacks look for the point of least resistance, such as the hosting sites. From there, victims can be targeted by industry, specific interests, geolocation and so on. Today’s common network detection tools won’t get the job done when it comes to identifying and combating malvertising. It is the responsibility of the web property owners (hosting sites), ad networks and web surfers to secure proprietary information and keep the hackers at bay.

To help the web property owners (hosting sites), ad networks and web surfers combat the growing threat of malvertising campaigns, Cyphort Labs recommends the following steps to implement an effective cybersecurity defense:

1. Advertising networks should use continuous monitoring that utilizes automated systems to check repeatedly for malicious ads.

2. Scans should occur early and often, picking up changes in the complete advertising chains instead of just ad creatives.

3. Ad networks should leverage the latest security intelligence to power their monitoring systems and stay up to date with global threats.

4. Individuals should avoid “blind” surfing to reduce their exposure to drive-by infection. Keeping your computer system and security software patched in a timely manner will go a long way in protecting you when you do have to venture into the “dark night.”

 

Dr. Gong added, “Consumers will continue to be the most direct victims of malvertising campaigns, as their computers can be infected when they simply click unsuspectingly on a malicious ad or, in some cases, by simply going to a site they visit frequently. Hopefully consumers will keep their devices updated with the latest security patches available to download.”

To read the full Cyphort Malvertising Malware Report, visit: http://go.cyphort.com/Malvertising-Report-15-Page.html

About Cyphort

Cyphort is an innovative provider of Advanced Threat Protection solutions that deliver a complete defense against current and emerging Advanced Persistent Threats and targeted attacks. The Cyphort Platform continuously monitors web, email and internal network traffic for malicious behavior and threat movement across the organization, correlates threats to incidents, and provides contextual, risk-based prioritization for immediate containment of any threat activity. Cyphort’s software-based, distributed architecture offers a cost effective, high performance approach to detecting and protecting the entire organization against sophisticated attacks. Founded by experts in advanced threats, Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit: www.cyphort.com 

 

Comments
AuntieInfosec,
User Rank: Apprentice
8/26/2015 | 10:45:49 AM
What are ad companies doing about malvertising?
As I have understood from sources within the advertising industry and our research, it is within the standard practices of advertising platforms to accept 3rd-party JavaScript payloads to be delivered every time an advertising banner is shown on a page. This is done without thorough technical audits on what those payloads do. Even when the user does not see the ad or interact with the ad in any way. It seems futile to try to do anything else before something is done about this irresponsible practice.