How to defend against malvertising
Date: May 27, 2014
Guest post: Proofpoint.
Cybercriminals are increasingly turning to malvertising as a way to infect unsuspecting end users, and organisations need to adopt dedicated protection solutions to help defend themselves against this growing threat.
Malvertising, a portmanteau of malicious advertising, is when a seemingly innocent ad on a website directs someone to a Web page that causes malware to be downloaded on the browsing device being used. According to eSecurity Planet, malvertising is becoming increasingly prevalent because it is a relatively easy way to infect visitors to some of the biggest sites online. Cybercriminals have become quite adept at disguising their true intentions from ad networks, thus providing them with an easy backdoor onto the targeted paged.
“Crafty hackers do not even need to implant any malicious code into the ad itself, ensuring that it clears any scanning by the advertising network,” eSecurity Planet contributor Aaron Weiss wrote. “Instead, the ad can simply lure people to a website. The site may contain only clean content when the ad is submitted to the network, but once ad impressions begin the hackers plant malware on the site, which they already control.”
Due to this ease and the effectiveness of malvertising, there were approximately 10 billion malicious ad impressions in 2012, according to statistics cited by eSecurity Planet. That number is likely to rise in the coming years too, especially as the tactic proves fruitful to cybercriminals and as more We browsing happens from unsecured smartphones and tablets. A March 2014 report from Blue Coat Systems showed that 20 percent of all mobile device users had encountered malvertising. In comparison, 5.7 percent of all mobile malware in 2012 started with bad ads, Infosecurity reported.
Perhaps the best known example of the power and prevalence of malvertising happened at the end of 2013. Approximately 300,000 people were affected by malvertising on Yahoo.com, as a bad ad on the site led unsuspecting users to a page that covertly installed code on the device that allowed it to be controlled remotely, eSecurity Planet reported.
Can malvertising be stopped?
While the threat posed by malvertising is great and only growing, organizations can take steps to mitigate this problem. In particular, by adopting solutions from Proofpoint, companies will be able to ensure that employees and safely browsing the Web and are not causing malware to be inadvertently downloaded onto corporate-owned assets.
For the majority of organizations, Proofpoint Targeted Attack Protection is the ideal safeguard to deal with malvertising. What makes this solution unique is that it uses advanced statistical modeling and analytics to more accurately determine if a link clicked is malicious or not, thus helping to prevent malware from ever being accidentally downloaded. It also comes with real-time monitoring capabilities to help organizations more effectively track and note malvertising and potentially destructive end-user behavior.
Proofpoint also helps ad networks and other organizations from ever hosting malicious ads in the first place. Proofpoint Malvertising Protection takes the ad’s creative, actual impressions served and ad tags into account when scanning hosting requests to see if it is a legitimate advertisement or if it is malicious in nature. By taking such a comprehensive approach to ad scanning, organizations can help to make sure their brand is not tarnished by malvertising.
“For enterprises who publish ads on their own websites, the risks of malvertising can threaten both your users and your reputation,” Weiss wrote. “Becoming the source of an infection that can infect thousands, or even millions, is not an ideal customer relations strategy. Businesses who accept direct advertising – that is, you accept ads directly from advertisers – need to have a well-crafted vetting strategy.”
As the threat posed by malvertising rises to new heights, the benefits that Proofpoint Targeted Attack Protection and Proofpoint Malvertising Protection provide become more critical to the safeguarding of important information and networks than ever before.
To find out how Proofpoint can protect your organisation, email [email protected] or call 01256 379970.