Towards the end of 2018, the global information company, Experian released a number of online ads as part of a new advertising company. What they didnโt know was that one of their online ads contained an additional image which was hidden within the ad request and was not visible to the online user. On clicking the ad request, innocent users enabled a malicious code, which redirected them to a phishing website.
In another instance in 2018, Check Point found a fraudulent advertising campaign that was aimed at thousands of compromised WordPress website users. The campaign redirected the users to an external IP address (134.249.116.78), which was popularly referred to as โMaster134.โ This IP address was further used to redirect the traffic to a legitimate advertising domain owned by AdsTerra ad network to be sold as traffic for online advertisers.
With the increase in the number of online ads, hackers are using a new type of cyberattack to target global online ad networks aimed at spreading malware or other malicious code among all online users. Short for โmalicious advertising,โ malvertising in simple terms, is the technique used to infect online ads with various types of malware code that can ultimately infect thousands of connected computers.
Why is malvertising so damaging? The 2018 industry statistics reveal that malvertising costs online ad publishers around $120 million and online advertisers around $920 million, making it a grand loss of around 1.13 billion in 2018. This cost is only expected to increase further in 2019 and beyond. Websites of leading names like the New York Times, London Stock Exchange, and Spotify have also fallen prey to malvertising by displaying malicious ads to their online customers.
According to Trustwave, cyberattackers have also targeted small but legitimate domains (such as Brentsmedia.com) to trick advertisers to publish their malicious ads. This fraudulent ad campaign consisted of a heavy JavaScript file with more than 12,000 lines of written code (around 11,000 more than normal).
Letโs now discuss how malvertising attacks are carried out and how it is different from adware.
What is Malvertising and how does it work?
Malvertising is a fraudulent form of online advertising where hackers embed malicious code within an online ad which is then published on a popular ad network. When online users click the online ad or simply visit their destination page, the malware code is downloaded on their device and proceeds to cause damage.
Malvertising attacks are targeting Android and iPhone smartphone users. Referred to the PayLeak malware attack, ads on leading online newspapers and magazines were used to lure smartphone users to a phishing website using a fake Amazon gift card offer.
Hackers typically use the following two types of malvertising to spread malware through online ads:
This method of malvertising does not even require the user to click the malicious ad. By simply loading the target webpage, the malware tool is downloaded to the userโs device without any user consent. Among the earliest successful malvertising attack in 2012, this method was used to hit the online users of the Los Angeles Times that was part of a larger malvertising campaign targeting large news websites.ย
This method of malvertising requires the user to actually click the online ad for the hidden malware code to be downloaded on their device. Malicious ads (using this method) are made to appear like real ads like the โAmazonโ ad (in the introductory section) or virus alert ads that entice the users to click on them. A recent example of this malvertising method is the 2017 case of the Zirconium Group that created 28 fake online ad agencies to promote a malvertising campaign resulting in over 1 billion ad views.
Malvertising versus Adware
As both of them deal mainly with an online advertisement, malvertising is often confused with adware (short for ad-based malware). In reality, both are quite different. Hereโs a comparison:
How do hackers insert malicious code into online ads?
To execute malvertising, hackers can use a variety of ad sources to insert malware or any malicious code. These include:
Targeted towards the growing E-commerce business, cybercriminals were successful in targeting the online checkout and payment pages of several small-time retail websites hosted on the Magento platform. Dubbed as the โCartThiefโ attack, the malware code was able to steal personal and financial information of the online shoppers from each transaction.
How to protect yourself from malvertising
As an online user, you can use a range of security measures and practices to protect yourself from malvertising, including:
Malvertising: Latest Trends
Starting from the earliest attacks in 2007-2008, malvertising continues to evolve to this date and pose new challenges to cybersecurity experts. Among the latest trends in 2018 and 2019, malvertising is targeting cryptocurrency miners in the form of malicious ads for trading in cryptocurrencies. A January 2018 case study revealed a fraudulent ad campaign (with embedded scripts) for the CoinHive cryptocurrency, resulting in a 285% increase in the number of CoinHive miners. Also referred to as Cryptojacking, the number of infected devices increased by over 300% monthly towards the end of 2018.
Cybercriminals are no longer focusing on online ads or โclick fraudsโ to implement malvertising but are extending their reach through โbad botsโ that is making detection more challenging. Thanks to evolving technology, a malvertising campaign can now be run like any other โtraditionalโ online ad campaign.
Apple and Android phone users are also being targeted for malvertising through the use of forced redirects and Trojanized mobile apps.
Conclusion
With the increased form and complexity of online malvertising attacks, online customers, ad publishers, and online advertisers are realizing the enormous risk that these online attacks pose to their business revenue and reputation. Only a well-designed and comprehensive cybersecurity solution can prepare them to mitigate such attacks or recover from their unfortunate consequences.
What do you think about the threat posed by malvertising? What is the best way to prevent such attacks? Do share your thoughts by leaving behind your online comments. You can also learn more about how cybersecurity works with our professional training program.
Fill in the details to know more
What Are SOC and NOC In Cyber Security? What’s the Difference?
February 27, 2023
Fundamentals of Confidence Interval in Statistics!
February 26, 2023
A Brief Introduction to Cyber Security Analytics
Cyber Safe Behaviour In Banking Systems
February 17, 2023
Everything Best Of Analytics for 2023: 7 Must Read Articles!
December 26, 2022
Best of 2022: 5 Most Popular Cybersecurity Blogs Of The Year
December 22, 2022
What Is Asset Classification?
March 20, 2023
Masquerade Attack โ Everything You Need To Know!
Best Infosys Information Security Engineer Interview Questions and Answers
Add your details:
By proceeding, you agree to our privacy policy and also agree to receive information from UNext through WhatsApp & other means of communication.
Upgrade your inbox with our curated newletters once every month. We appreciate your support and will make sure to keep your subscription worthwhile