Malvertising Targets Your Online Users

Before clicking an online ad, make sure your users think twice. Malicious advertising, more commonly known as Malvertising, has been popping up everywhere.

Some of the most popular websites, such as Huffington Post, eBay, Forbes and Yahoo, at one point or another have unwittingly hosted malicious ads.

Malvertising is designed to spread malware when a user clicks on an ad. If a virus, worm, Trojan or some other type of malware like ransomware gets into your network through malicious advertising, it could disrupt your business for hours or days or longer or abscond with your valuable data.

Malvertising is tough to identify. Malware authors hijack legitimate online advertising systems to insert their own malware-filled ads into websites. Anytime malware is hidden inside a legitimate application, it’s much harder to detect.

That explains why Malvertising has become a $1 billion cyber-criminal enterprise. It’s easy to trick users to click, and it doesn’t cost much to create the fake ads. It costs less than $1 per 1,000 targeted users to create a malicious ad.

Clicking on a malicious ad can lead to the types of damage common to malware infections – stolen data, altered files, identity theft and financial loss. In some cases, it can turn your machine into a bot to propagate malware or execute a DDoS (distributed denial of service) attack.

That’s bad enough of course, but Malvertising delivers the added bonus of also hurting advertisers and the publishers they pay to run the ads. As explained by Forbes: “Lost ad dollars starve digital publishers of much-needed revenue and marketers of money intended to drive sales. Both phenomena result in diminished economic output and employment.” Malvertising is responsible for more than $200 million in lost ad revenue.

How Malvertising Works

Malvertising spreads infections in a couple of ways, tricking users into clicking an ad or pop-up warning and drive-by downloads. With ads, users are redirected to a website hosting malicious code instead of the advertiser’s site.

The first with pop-up warnings, for example, a fake alert about a computer infection appears on your screen. The alert contains a link to download the “fix.”

The second Malvertising method requires no work on the user’s part. A machine gets infected through a drive-by download when a user visits a site with malicious ads. Drive-by downloads are imperceptible to the user and install malware that causes disruption or steals valuable information.

Protect Your Business

Because Malvertising disguises itself as legitimate ads or pop-up warnings, it creates a challenge for businesses to prevent users from infecting their machines. But there are steps you can take to minimize the threat.

One obvious step, which applies in all cyber-security situations, is to always update all business systems and software. Outdated applications, plugins and operation systems often have vulnerabilities that cyber-criminals can easily exploit. Be sure to also update your browsers regularly and take advantage of built-in security features such as pop-up blockers and malware protection.

Lastly, you should implement a comprehensive, up-to-date endpoint security solution with built-in behavior analysis. Advanced analysis features can flag suspicious code by looking for traits often found in malware.

As we’ve explored in earlier blogs about exploits, phishing, mobile threats and browser security, small businesses have to secure their businesses on many fronts. Malvertising is one of many cyber threats your business has to contend with.

By taking these security steps, you boost your chances of avoiding a Malvertising hit.

VipreAntivirus:

You Might Also Read: 

Malicious Ads Expose Millions To Hacking:

Brand Reputation Includes Cyber Safety:

 

« Cyber-Workforce Shortage to Increase
Facebook & Google Are Killing Newspapers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

Astra

Astra

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.