Malvertising: How Your Business Can Avoid It
by Stephanie Faris on Monday, October 12 6:00
Just when people thought it was safe to search known sites, criminals get even more creative. A new type of attack called malvertising uses third-party advertising sites to sneak malicious codes into networks and devices. The ad content can appear on some of the best-known sites on the Internet, remaining undetectable to security software until the ad launches.
Avoiding malvertising can be difficult, since it s usually found on the sites people visit every day. Whether a business has a website of its own or is merely worried about the devices attached to its servers, it s important to understand as much about malvertising as possible to reduce its impact.
Malvertising involves code embedded into the ad content displayed on a website. The code s intent is to expose vulnerabilities in a device s antimalware protection. A report from Cyphort predicted that malware would soon become the top tactic used by hackers. Although malware has been an issue since 2007, the company emphasized that incidents have come more widespread and sophisticated in recent years.
Over the summer, Malwarebytes identified a round of attacks impacting Yahoo s network, which would have had the potential to affect devices around the globe. As soon as it was contacted, Yahoo took action against the threat. The issue began when a malware company bought ad space on the site, then deployed malicious code through the ads it posted.
The Good News
Experts have found that criminals target sites that have the demographic they re after and push malware through ads on those sites. As these threats increase, however, major websites and malware protection providers are becoming increasingly aware of how they operate and taking measures to prevent it. Malvertising was one of the reasons businesses were warned against Adobe Flash, which has weaknesses that have been exploited in the past.
Many businesses have been challenged over the years to keep Adobe Flash updated on all of its devices. Adobe has finally stepped forward to provide a way for businesses to automate the update process, eliminating the need for IT professionals to personally visit every device once every couple of weeks to manually update Flash while logged in as administrator. One of the best things businesses can do to protect its systems against malvertising is to automate the process of updating all plugins so that every device is updated at all times.
In addition to ensuring every device has the latest virus definitions, businesses should ensure that end users have the lowest level of rights necessary to do their jobs. Only IT workers should have administrative rights to machines and users should be trained on safe web surfing behaviors.
For additional protection, there are ad-blocking plugins available that keep annoying and unsafe ads from deploying. AdBlock Plus is among the most popular. While this may not block all malicious code, when combined with up-to-date malware protection, a user can search the Internet with greater peace of mind.
Malvertising is a looming threat that seems to only be growing. By taking the usual precautions, a business can keep its devices safe at the end user level. Hopefully websites and ad distributors will become more diligent on their end to prevent the malvertisers from getting their ads through from the start.