In this guest post, Chris Rodrigues (pictured below), regional manager for Sydney-based security software firm Check Point, introduces us to today’s newest buzzword – malvertising! Read on and realise why it’s time to start worrying…
As cyber criminals become increasingly savvy, malvertising is becoming big business. Even big name publishers like the New York Times and the BBC have come under attack in recent months. This is an increasingly widespread problem, and is an issue which the advertising and media industries as a whole will need to address soon. In particular, an increase in malvertising will likely lead to an increase in ad blocking technology, which will have knock on effects for the entire digital advertising industry.
![Unknown[1]](https://www.bandt.com.au/information/uploads/2016/07/Unknown1-420x280.jpeg)
First, the obvious question: what is malvertising? This is when cyber criminals use the digital infrastructure of ad networks to redirect users to malicious sites. These sites are usually in the form of an “exploit kit”, which is an attack that attempts to infiltrate the target user’s computer and infect it with ransomware. Ransomware is malware that locks a person’s hard drive, so that cyber criminals can essentially hold the user ransom, by demanding bitcoin payment in return for unlocking the hard drive.
The most troubling aspect of malvertising is that criminals are actually buying the ad space via ad networks. This activity is underpinned by a multimillion dollar marketplace, whereby cyber crooks are buying up massive amounts of ad space and then on-selling it to other criminals.
In other words, this is a similar business model to that employed by media agencies. In the legitimate world, media agencies are buying ad space on behalf of clients, so that those clients can reach specific, targeted audiences. The same can be said of these cybercriminal networks – they are buying up space to on-sell to cyber attackers, so that those attackers can target specific audiences with ransomware and other nasty malware that can cause havoc for the consumer.
There are such high rates of success and ROI that cyber attackers are willing to pay these cybercriminal networks big bucks to buy worthy traffic. Once upon a time this was a problem for smaller websites and ad networks, but we are increasingly seeing the major publishers fall foul of this global criminal marketplace. Earlier this year, malvertising was found to have impacted major global publishing networks the New York Times the BBC, AOL and the NFL.
These recent malvertisements are showing an increasing level of sophistication, in which the traffic sellers are successfully hunting out trusted domains to purchase ad space – they are buying audiences like any media agency or advertiser, but serving nefarious content. Worst of all this is happening right under the noses of the ad networks and the publishers, and it’s the consumer who ultimately suffers.
So what is the solution? Obviously in a digital world it is always going to be impossible to completely monitor these types of issues, but when there are potentially hundreds of thousands of people at risk, if not more, and when there is a multimillion dollar industry underpinning widespread criminal activity, it appears that more needs to be done.
A lot of the time the onus is on the ad servers, who can use third party cyber security specialists and invest time and money into validating the legitimacy of the ad which is shown at the end of the selling chain. Ad servers might also be wise to limit the attack surface, by not allowing flash ads or active content like javascript.
But what about the end user, the innocent party who is at risk of being infected by ransomware if they merely click on a banner ad? Unless the ad servers and the rest of the advertising industry get their act together and invest significant time and resources into this issue, the only real solution for the user is to install ad-blocking technology.
This is obviously not something the advertising industry wants to hear. The debate around ad blockers has been increasing for some time now, and has many in the digital advertising industry concerned about their business model. This is a legitimate concern, but if users feel like they are under attack, and if major publishers are unable to protect them against cyber criminals, then trust and credibility will erode. This will only lead to an uptake in ad-blocking technology.
Malvertising is no longer a sideline issue that only impacts small time sites and ad servers. This is big business, and if the ad industry doesn’t sit up and take notice, the problem will increase exponentially.
