A recent report by security firm Cyphort Labs has shown a dramatic rise in the amount of malware sent through advertising, known as ‘malvertising’. It is fast becoming one of the most popular types of drive-by attack for cyber criminals, who can easily corrupt the legitimate ad supply chain, targeting consumers directly and infecting their machines with malware.
Malvertising works by hackers placing seemingly legitimate or ‘clean’ ads on sites, and then altering or executing secretly embedded code that can force a computer to load malicious software. According to Cyphort, cyber criminals are choosing this method because it offers little or no resistance when attacking networks.
Some of these infected ads need to be clicked on in order to release the malware, but an increasing number of cases are appearing where the ads are instead covertly embedded with code that can exploit browser vulnerabilities, thus not even requiring the victim to click on anything before falling under attack.
There is even an element of sophistication in the development of malvertising, as cyber criminals are able to conduct attacks with some degree of selective targeting, in much the same way that legitimate ads can.
2014 alone saw a colossal 325% rise in malvertising, with cyber criminals costing global advertisers an estimated $6.3 billion this year through the use of automated programs and click-through ads on third-party sites.
With the continued increase in websites using cookies to produce targeted ads, as well as our own growing online habits, malvertising looks set to rise further still. The challenge then is for ad networks to keep hold of their ability to control and monitor each and every ad that is being cast out into the cyber-sphere.