By Chris Olson, CEO of The Media Trust
Malvertising, a combination of malware and advertising, has more than doubled in the past three years and is increasingly found on premium websites that are typically whitelisted by enterprises for employee internet use. Malvertising is typically spread via legitimate digital advertising services and packs a nasty, unexpected and frequently unseen punch for visitors to a compromised website. The harm is palpable: it downloads exploit kits, drops ransomware code, redirects to compromised landing pages, serves fake pop-ups, presents phishing-oriented forms, and the list goes on.
Malvertising comes in many shapes and sizes: the majority of the time, malicious code triggers auto-downloads of malware, and occasionally it requires user-initiated clicks. The malware is also hard to detect since it attacks only when certain conditions are met, for example, if a website is accessed via a mobile device, or if a user from a specific geography visits an infected webpage. Today, malvertising is designed to target geographies, devices, browsers, behavior, and even corporate IP blocks. Unfortunately, evolving sophistication makes it a difficult beast to control. Its ability to penetrate corporate networks highlights the fallibility of traditional security defenses such as blacklists, whitelists, generic threat intelligence, AVs, web filters, and firewalls.
Hiding in Plain Sight
Hackers use the digital ecosystem to hide malware in plain sight by hitching a ride with legitimate advertising campaigns, and the result is a malvertising incident. That is what makes it so stealthy and able to evade traditional enterprise security defenses.
Fake virus alerts and system updates delivering malicious exploit kits are ubiquitous in today’s highly complex and dynamic digital ecosystem. But those tricks are easy to see. In order to effectively deliver malware, threat actors have resorted to sophisticated coding to evade detection. Increasingly, the malware only executes when predetermined conditions are met, i.e., geography, device, or user profile combinations. For example, Lucy in London on a mobile device receives the malware but Bob in Boston on a laptop does not. Furthermore, in order to accurately target and deliver malware to specific endpoints and internet users, threat actors exploit the very technologies that website owners utilize to deliver customized and personalized content to their users.
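The conditional delivery described above is why a scan from a single location and device can come back clean. As an added example (not from the original article), this Python sketch compares the hosts one ad creative contacts across several client profiles and flags any host seen for only some of them; the scan records, creative IDs and hostnames are all constructed.

```python
from collections import defaultdict

# Constructed scan records: (creative_id, geo, device, hosts contacted during render).
# Every identifier and hostname here is made up for illustration.
SCANS = [
    ("creative-001", "US-Boston", "laptop", {"cdn.adnet.example", "img.brand.example"}),
    ("creative-001", "UK-London", "laptop", {"cdn.adnet.example", "img.brand.example"}),
    ("creative-001", "UK-London", "mobile",
     {"cdn.adnet.example", "img.brand.example", "upd8.dropper.example"}),
    ("creative-002", "US-Boston", "laptop", {"cdn.adnet.example", "img.shop.example"}),
    ("creative-002", "UK-London", "mobile", {"cdn.adnet.example", "img.shop.example"}),
]

def find_conditional_creatives(scans):
    """Return {creative_id: {host: [(geo, device), ...]}} for hosts that were
    contacted under some client profiles but not under all of them."""
    by_creative = defaultdict(list)
    for creative, geo, device, hosts in scans:
        by_creative[creative].append(((geo, device), set(hosts)))

    findings = {}
    for creative, runs in by_creative.items():
        if len(runs) < 2:
            continue  # a single vantage point cannot reveal targeting
        common = set.intersection(*(hosts for _, hosts in runs))
        extras = defaultdict(list)
        for profile, hosts in runs:
            for host in sorted(hosts - common):
                extras[host].append(profile)
        if extras:
            findings[creative] = dict(extras)
    return findings

def single_vantage_view(scans, geo, device):
    """Hosts per creative as seen by a scanner that renders from one profile only."""
    return {c: h for c, g, d, h in scans if (g, d) == (geo, device)}

if __name__ == "__main__":
    for creative, hosts in find_conditional_creatives(SCANS).items():
        for host, profiles in hosts.items():
            print(f"{creative}: {host} contacted only for {profiles}")
```

A flagged host is a triage signal rather than a verdict, since legitimate personalization also varies content by geography and device.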
Some enterprises attempt to address malvertising by adopting ad blockers. While this sounds like a great idea, it is not a reliable security defense since the ad code can execute before the blocker is activated, among other reasons. As ad blocker adoption increases, so does the implementation of anti-adblocking technology which, as predicted, drives the exploitation of both tools. Provided by third-party vendors, anti-adblocking technology operates outside the purview of media publisher IT/Security infrastructure and can surreptitiously be hijacked via code obfuscation. The only effective way to tackle web-delivered malware is to incorporate web-based attack data into enterprise filtering, firewall or antivirus defenses.
Cutting the line on Malvertising
Each new malvertising campaign erodes consumer trust, both in the website operator and the internet at large.
Complementing anti-virus and other filtering tools, enterprises need an additional layer of protection that leverages real-time threat intelligence regarding active and stealthy threats propagating in the digital ecosystem. This web-based attack data exposes real malware events that can be proactively arrested before penetrating the enterprise network and endpoints.
Malvertising is a chameleon that can change domains, delivery channels, and payloads by blending in with the background. Rather than allowing malvertising instances to successfully penetrate the enterprise network, organizations must employ defenses that investigate all code operating within their domain so threats can be identified and barbs removed before anyone gets hooked.
About the Author
Chris Olson co-founded The Media Trust with a goal to transform the internet experience by creating better digital ecosystems to govern assets, connect partners and enable Digital Risk Management. Chris has more than 15 years of experience leading high tech and ad technology start-ups and managing international software development, product and sales teams. Prior to The Media Trust, Chris created an Internet-based transaction system to research, buy and sell media for TV, radio, cable, and online channels. He started his career managing equity and fixed income electronic trading desks for Salomon Brothers, Citibank, and Commerzbank AG.