In our modern world of ‘digital-everything’ we are constantly surrounded by advertising. Be it on a streaming service (even if you pay for it), social media or simply trying to read an article on your local newspaper’s website, they are everywhere, seamlessly integrated into almost every interaction you have with a screen. These digital adverts are delivered programmatically, using a finely curated profile about you based upon varied and numerous data points. The ubiquity of advertising and the rise of advertising networks has led to a sinister new monster, lurking in the shadowy corners of your screen: malvertising.

A portmanteau of ‘malicious software (malware) advertising’, malvertising represents a new vector of cyber-attack hiding in plain sight. Utilising the injection of malicious code into digital ads fed to victims, often, by legitimate advertising networks, it can be incredibly challenging to detect. When a victim clicks on the advertisement the code can install malicious software onto their computer. Alternatively, it might redirect the victim to another website to attempt a spoofing or social engineering related attack.

Whilst the concept of attempting to get a victim to click on a link to allow malicious action to be carried out is not necessarily ground-breaking (some readers may recall the garish popups that plagued the early internet), this new evolution in technique is a relatively new threat. The ubiquity of advertising can lead to a false sense of security. If a bad actor has managed to access a 3^rd party server and injected this malicious code into adverts being served by a legitimate advertising provider they may even appear on legitimate, high-profile websites or services; this exact situation can seem very low risk to a potential victim who may be enticed to click on a legitimate looking advertisement. There have been several incidences of high-profile organisations delivering such malvertising; however, it is important to note that as the ad network itself has been compromised rather than the website itself it can be very challenging for these organisations to identify these risks.

Security researchers have recently published  a recent and high-profile incidence of malvertising: job adverts on Facebook. In short, clicking through these links led to victims having a piece of malware known as a ‘stealer’ installed on their devices, with the aim of collecting log in credentials and other information from the victim’s device and sending it to the bad actors, who could then use it for their own, nefarious purposes (perhaps to directly access and take over accounts, or alternatively to sell the stolen credentials to yet more bad actors).

Due to the nature of how malvertising operates it can be incredibly challenging to detect and avoid, especially for consumers but also for the publishers of the advertisements. It is also challenging for cybersecurity experts to identify these adverts as well, due to the rotating nature of adverts delivered by advertising networks.

With that said, there are some fundamental steps to take that can help reduce the risk if you fall victim to malvertising.

1. Ensure that all of your antivirus tools are turned on and kept up to date. Bad actors do constantly try to utilise the newest exploits and vulnerabilities, so ensuring your antivirus is up to date means it has the best possible chance of catching and quarantining any malicious software installed onto your device.

2. Further to the above, ensure to keep all of your software (and, by extension, any plug-ins and extensions you have installed) up to date as well. Much as before, bad actors can try to exploit vulnerabilities in older software as points of access.

3. If you are redirected to a new website after clicking on an advert, ensure that the website is what you believe it to be. This means taking actions such as checking that the URL is correct, checking that it is using https security protocols (look for the little lock icon in your browser’s URL bar), and checking that the language and content is as you expect it to be.

4. Additionally, always bear in mind that an offer may simply be too good to be true – often a tactic used on spoofed websites to try to extract victim information such as credit card details.

Resources:
CrowdStrike: Malvertising: https://www.crowdstrike.com/cybersecurity-101/malware/malvertising/

Trustwave https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.