8/25/2015
01:05 PM
Dark Reading

Cyphort Labs Issues Special Report on the Rise in Malvertising Cyber Attacks

Cyphort Researchers Find Malvertising Campaigns Increased 325 Percent Through Early 2015

Santa Clara, CA: August 25, 2015 – Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, today released a special report, ‘The Rise of Malvertising,’ that looks into the practices used by cyber criminals to inject malicious advertisements into legitimate online advertising networks. Cyphort researchers found that malvertising campaigns carried out by hackers increased 325 percent in the past year.

Earlier this year, Cyphort Labs discovered a compromise of the AOL Ad-Network that led to major websites such as HuffingtonPost.com, FHM.com and LAWeekly.com being infected with malware. In fact, Cyphort’s researchers began detecting malvertising campaigns on HuffingtonPost.com in early 2015.

How Does Malvertising Occur?

Malvertising campaigns start when cyber criminals launch attacks through deceit or by infecting the ad supply chain, including ad networks, ad exchanges and ad servers. Oftentimes, the hackers will put legitimate ads on trustworthy web sites to build up support. They are basically trying to trick the network by appearing legitimate. Once trust is built, the hacker inserts malicious code or spyware behind the ad on a limited basis, just long enough for malware to be launched. Malware is then unknowingly incorporated into web pages through a corrupt or malicious ad. Consumers are the most direct victims, as their computers and the files on them are infected by simply clicking on a malicious ad or, in some cases, by simply going to a site they visit frequently.

“Cyber criminals always look for the least point of resistance when attacking networks, making malvertising campaigns an enticing way for them to commit fraud and steal proprietary information from unsuspecting corporations,” said Dr. Fengmin Gong, Cyphort’s co-founder and chief strategy officer. “By issuing this newest report, Cyphort hopes that companies and end users will walk away with a better understanding of malvertising, how it occurs, its pervasiveness and what can be done to prevent it.”

The problem of malvertising isn’t going away, and cyber criminals will continue finding ways to monetize their attacks. According to the Association of National Advertisers, ad-fraud will cost global advertisers more than $6 billion in 2015. Cyphort believes this number will continue to skyrocket in the coming years. Much like advertisers, site publishers can be blamed for malvertising attacks. If a user is infected, chances are he or she will have second thoughts about returning to the site.

Combating Malvertising Attacks

Malvertising attacks will likely only increase throughout 2015 and into 2016. Cyber criminals looking to carry out malvertising attacks look for the point of least resistance, such as the hosting sites. From there, victims can be targeted by industry, specific interests, geolocation and so on. Today’s common network detection tools won’t get the job done when it comes to identifying and combating malvertising. It is the responsibility of the web property owners (hosting sites), ad networks and web surfers to secure proprietary information and keep the hackers at bay.

To help the web property owners (hosting sites), ad networks and web surfers combat the growing threat of malvertising campaigns, Cyphort Labs recommends the following steps to implement an effective cybersecurity defense:

1. Advertising networks should use continuous monitoring that utilizes automated systems to check repeatedly for malicious ads.

2. Scans should occur early and often, picking up changes in the complete advertising chains instead of just ad creatives.

3. Ad networks should leverage the latest security intelligence to power their monitoring systems and stay up to date with global threats.

4. Individuals should avoid “blind” surfing to reduce their exposure to drive-by infection. Keeping your computer system and security software patched in a timely manner will go a long way in protecting you when you do have to venture into the “dark night.”

 

Dr. Gong added, “Consumers will continue to be the most direct victims of malvertising campaigns, as their computers can be infected when they simply click unsuspectingly on a malicious ad or, in some cases, by simply going to a site they visit frequently. Hopefully consumers will keep their devices updated with the latest security patches available to download.”

To read the full Cyphort Malvertising Malware Report, visit: http://go.cyphort.com/Malvertising-Report-15-Page.html

About Cyphort

Cyphort is an innovative provider of Advanced Threat Protection solutions that deliver a complete defense against current and emerging Advanced Persistent Threats and targeted attacks. The Cyphort Platform continuously monitors web, email and internal network traffic for malicious behavior and threat movement across the organization, correlates threats to incidents, and provides contextual, risk-based prioritization for immediate containment of any threat activity. Cyphort’s software-based, distributed architecture offers a cost effective, high performance approach to detecting and protecting the entire organization against sophisticated attacks. Founded by experts in advanced threats, Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit: www.cyphort.com 

 

Comments
AuntieInfosec
User Rank: Apprentice
8/26/2015 | 10:45:49 AM
What are ad companies doing about malvertising?
As I have understood from sources within the advertising industry and our research, it is within the standard practices of advertising platforms to accept 3rd-party JavaScript payloads to be delivered every time an advertising banner is shown on a page. This is done without thorough technical audits on what those payloads do. Even when the user does not see the ad or interact with the ad in any way. It seems futile to try to do anything else before something is done about this irresponsible practice.