Malvertising: When Advertisements on Legitimate Sites Contain Malware

Any business worth their gigabytes will practice extreme caution when surfing the Internet. Hackers tend to make users’ lives more difficult, even for those who are part of a small or medium-sized business. Teaching your employees security best practices in hopes that they’ll avoid suspicious websites isn’t a foolproof strategy, and thanks to malvertising, ensuring that your organization stays secure is more difficult.

The reasoning is that it’s becoming more difficult to identify potential threats because they can take the form of non-suspicious entities in the online environment. In particular, a new and emerging threat called “malvertising” threatens even the most cautious PC users by injecting malicious code via advertisements. This type of malware often takes advantage of zero-day exploits (mainly with flash) that haven’t been patched by the manufacturer. These kinds of threats are challenging to avoid, even under the best circumstances. For example, check out this malvertising threat described by ComputerWorld:

[...] the source of the infection was a malicious advertisement, one that was running on a mainstream news service! The news website sells ad space served up by an advertising company, which in turn sells that ad space to anybody willing to pay for it. In this case, the bad guys were paying for it. They signed up for ad space just like any other customer, but the advertisement they created — known as “malvertising” — exploited a zero-day (unpatched) vulnerability in Adobe Flash to run commands through the browser to the victim computers’ operating systems, without any knowledge or intervention by the end users.

Taking advantage of the latest cybersecurity measures, like enterprise-level firewall and antivirus solutions, can be great tools to ensure that your organization's network stays secure, but what happens if threats are capable of bypassing these measures? In the above scenario, the malware-fueled advertisement ignored all standard online threat behavior that’s expected of users. The malware needed no user activity, and because it was found on a legitimate site’s ad space, it wasn’t flagged as malicious. In other words, the malware was capable of ignoring the methods used by typical security solutions and employee training, and it managed to infiltrate the system.

Even if malware somehow finds ways to ignore security protocol, there are still ways to identify and resolve problems in a moment’s notice. If you remember anything about cyberthreats, keep this in mind: they will almost always leave some sort of sign that they’re present on your network or workstation. It could be something as simple as decreased network or PC performance, or it could be something a little more obvious. You’ll know if you’re being attacked when your firewall detects viruses or malware attempting to access the network, and phishing emails are blocked by spam filters. Even something as simple as a remote administrator login on your access log can be a giveaway that you’re dealing with a hacker.

Even if malvertising is a new and growing trend, you want to make sure that your network is protected from all threats that can be found on the Internet. Using an enterprise-level security solution like a Unified Threat Management (UTM) tool is capable of limiting your business’s exposure to questionable online entities and maximize threat resistance. To learn more, give us a call at (847) 697-3282.