In past issues of this newsletter, we have reported on this hidden scourge, malvertising (see Definition), a practice where cybercriminals inject malicious advertisements into legitimate online advertising networks. We are reporting on it again because in the past year malvertising campaigns have increased by 325 percent.
To build trust, cybercriminals will launch legitimate ads on trustworthy websites. They are basically trying to trick the ad networks by appearing legitimate.
Once trust is gained, the hackers will then insert malicious code or spyware (see Definition) behind the ad, just long enough for the malware to be launched. The malware is then unknowingly incorporated into web pages through a malicious ad. Innocent victims' computers and files are infected when they simply click on a malicious ad or, in some cases, when they go to a site they visit frequently.
When attacking networks, cybercriminals look for the weakest point or the point of least resistance. They make the malvertising attractive in a bid to lure unsuspecting people or corporations, in order to commit fraud and steal proprietary information from them.
Malvertising isn’t going away anytime soon. It will get stronger because, to cybercriminals, it is a lucrative way to monetize their attacks. According to the Association of National Advertisers, ad fraud will cost advertisers more than $6 billion in 2015.
The trajectory of such attacks seems to continue on an upward trend, as cybercriminals look for the point of least resistance such as hosting sites. What’s more, today’s network detection tools are not sufficient to identify and combat malvertising. The responsibility of securing proprietary information and keeping attackers at bay falls on the web property owners (hosting sites), ad networks and web surfers.
Cyphort Labs, a team of world-class security researchers, recommends the following steps to implement an effective cybersecurity defense (see Recommendation below). Consumers are the most direct victims of malvertising campaigns, as their computers become infected when they simply click unsuspectingly on a malicious ad or, in some cases, simply go to a site they visit frequently.
Therefore, it is imperative that consumers keep their devices and computers updated with the latest security patches whenever they are available.
Recommendation
1. Continuous monitoring for malicious ads should be carried out by advertising networks, utilizing automated systems.
2. Scans should occur early and often, to identify changes in the advertising chains instead of just ad creatives.
3. Ad networks should stay up-to-date with the latest global threats, by leveraging the latest security intelligence to power their monitoring systems.
4. Awareness and education are of paramount importance. Users should avoid “blind” surfing to reduce their exposure to drive-by infection. Keep your computer system and security software patched whenever updates are available, as this will go a long way in protecting you.
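Recommendation 2 asks scanners to watch the advertising chain, not just the ad creative. The following is an added example, not code from Cyphort Labs or from the original newsletter: it compares two scans of the same ad slot and flags a new host in the delivery chain even when the creative file is unchanged. The scan record layout, the function names and all hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def chain_hosts(urls):
    """Reduce a recorded request/redirect chain to its ordered hostnames."""
    hosts = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host and (not hosts or hosts[-1] != host):
            hosts.append(host)  # collapse consecutive requests to the same host
    return hosts

def compare_scans(baseline, current):
    """Diff two scans of one ad slot: {'creative_sha256': str, 'chain': [urls]}."""
    old = chain_hosts(baseline["chain"])
    new = chain_hosts(current["chain"])
    return {
        "creative_changed": baseline["creative_sha256"] != current["creative_sha256"],
        "chain_changed": old != new,
        "added_hosts": [h for h in new if h not in old],
        "removed_hosts": [h for h in old if h not in new],
    }

def needs_review(diff):
    """A chain change is flagged even when the creative is byte-identical."""
    return diff["chain_changed"] or diff["creative_changed"]

# Constructed sample scans (hypothetical hosts under the reserved .example TLD).
BASELINE = {
    "creative_sha256": "aa" * 32,
    "chain": [
        "https://news.example/article",
        "https://ads.adnetwork.example/slot?id=1",
        "https://cdn.adnetwork.example/banner.png",
    ],
}
CURRENT = {
    "creative_sha256": "aa" * 32,  # same creative as the baseline scan
    "chain": [
        "https://news.example/article",
        "https://ads.adnetwork.example/slot?id=1",
        "https://track.unknown-host.example/r?next=banner",  # new hop
        "https://cdn.adnetwork.example/banner.png",
    ],
}

if __name__ == "__main__":
    diff = compare_scans(BASELINE, CURRENT)
    print("review needed:", needs_review(diff), "new hosts:", diff["added_hosts"])
```

A scanner that hashed only the banner would report no change here; the chain comparison is what surfaces the new intermediary for review.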
Definition
1. Malvertising – the use of online advertising to spread malware. It involves injecting malicious advertisements into legitimate online advertising networks and web pages.
2. Spyware – software that is installed into your computer without your knowledge, to secretly gather information and transmit it to interested parties or cybercriminals.
Source
1. Help Net Security.
2. Forbes (image 1).
The Week That Was
1. Combatting human error. In a 2014 IBM study, more than 95 percent of cybersecurity incidents were due to human error. This could be financially devastating to businesses. It could be the kind of errors made by busy programmers or overworked systems and network administrators. But more often than not, it’s a simpler mistake: innocent errors of judgement that are leaving businesses and government networks exposed to massive data loss and financial ruin.
2. FireEye intern created and sold Dendroid malware. The 20-year-old intern, who had spent a 12-week internship with FireEye as a Mobile Malware Research intern, developed and sold the Dendroid malware, capable of hijacking Android phones, stealing data and using the cameras to spy on innocent users. He was caught by the FBI, dashing his hopes of infecting half a million Android phones with his malware.
3. 1 billion people use Facebook in a single day. Co-founder Mark Zuckerberg reported that last Monday, one billion users connected to Facebook in a single day. That means roughly 1 in 7 people on Earth connected with friends and family using Facebook.
4. Phishing costs an average organization $3.7 million per year. This data was gathered after 375 IT and IT security practitioners in U.S. organisations were surveyed. It was reported that training would help users spot phishing attacks and other related threats and bring down the cost by nearly $2 million.