Cybercriminals are in a constant, never-ending search for ways to harm others. One of the newest is Malvertising, a technique which takes advantage of internet advertising to distribute malware. It is sophisticated and well-targeted, and below is a description of how it works, along with steps you can take to protect yourself online.
How Malvertising Works
Malvertising targets specific audiences at specific times for maximum effect. For instance, let’s say the World Cup, a major soccer event, is a few days away. Malvertisers will contact legitimate advertising firms and ask them to run their ads, paying the required fees. In most cases the ad firms will not inspect the ads, and will instead simply take the money and run them.
When World Cup fans click on the ads, they are taken to a site where their computer, tablet, or smartphone is infected by malware. Due to the targeted advertising and timing of a major sporting event, it maximizes the number of people who are infected.
What is even more concerning is that it isn’t necessary for users to click on the ads per se, only to visit websites that have infected ads on them. Users will be redirected to sites where exploit kits are hosted and where “droppers” will be used to place malware on their systems. Tracing the sources is difficult because by the time the damage is done the ads are usually gone.
How To Defend Against Malvertising
There are a number of ways in which content providers and individuals can protect themselves. It is first important to make sure web gateways are secured. Even then, standard web gateways are only operational at one point within time, which means they have a single opportunity to detect traffic and stop it. The trouble with this approach is that the most complex attacks will not happen at a single point within time, so although blocking the entry point is essential, it isn’t sufficient by itself.
The most complex attacks are continuous and require ongoing solutions. The best solutions are those which involve multiple checks throughout an entire attack spectrum, during, after and before the attack occur. Prior to the start of an attack, security professionals need a comprehensive understanding to implement counter measures that can protect their systems. Some of the best are web reputation and URL filtering.
URL filtering allows administrators to establish policies that deny malicious websites but which also deny categories of URLs dependent on their content. Due to the importance of online advertising however, most don’t want to throw out the baby with the bath water, which is where reputation filtering comes in. It is a mechanism which assesses data, the amount of time a site has been free of malware, and then gives it a reputation. This allows websites with legitimate advertising to get through while denying those that aren’t. Most important, malware must be detected and blocked continuously once an attack begins.