Malvertising …… the hidden threat – last week a number of major news websites saw their advertisment hijacked by a malicious angler campaign that attempted to install ransomware on users computers. The attack, which was initially targeted at US users, hit websites including the BBC, AOL, New York Times and the NFL ……the combined volume of traffic for these websites totalled billions of visitors.
It is understood that the malware was delivered through multiple ad networks, and used a number of vulnerabilities, which included a recently-patched flaw in Microsoft’s former Flash competitor Silverlight.
The Daily Mail , Skype and and the Premier League Fantasy website have all been targeted within the last month with malvertising campaigns.
Malvertising uses advertising networks to spread malicious flash objects and other pieces of malicious code to other websites. Hackers will then upload these malicious flash objects and other pieces of malicious code to ad networks, paying the network to distribute them like as if they are real advertisements.
For example you could visit a newspaper’s website and an advertising script on the website would download an ad from the ad network. The malicious advertisement would then in turn try to compromise the web browser.
Malvertising takes advantage of flaws in software that the user is utilizing in order to infect the user on a legitimate websites, this reduces the need to fool the user to visiting a malicious website.
The most popular times for these attacks are on a Friday when there is less monitoring being carried out for suspicious activities and when there is heavy web surfing during the weekends.
There are a number of methods used for injecting malicious advertisements or programs into webpages such as :-
- Pop-up ads
- Drive by downloads
- Web widgets
- Malicious banners on websites
- Third party advertisments on websites
- Third party forums such as forums or help desks
There are a number of ways of protecting websites from malvertising attacks such as keeping plug-ins and web browsers updated. Risk management also has an important role to play in particularly management and surveillance of the supply chain.
A cyber insurance policy can provide coverage for an attack of this nature through the disruption it may cause to a business and also the vendor services provided via monitoring and forensic investigation.