What is Malvertising?
Malvertising is a portmanteau of ‘malicious advertising’. Malvertising occurs when hackers manage to inject malicious code into an online ad, and use a genuine online advertising network to spread the ad across the web. Malvertising often uses malicious code called an ‘exploit kit’, which detects vulnerabilities in the user’s browser or a web app, and uses these vulnerabilities to install malware. Once installed, the malware can allow access to the user’s computer, infiltrate a network, steal sensitive data, such as financial data, or even use ransomware to encrypt the user’s files and demand payment.
Malvertising can appear in ads provided by even the biggest, most popular and most reputable advertising networks, leading to infected ads appearing on highly trusted websites and tricking users into believing they are legitimate. Sometimes, malvertising triggers a drive-by attack, which requires no user interaction – the user only needs to navigate to the page with the malvertising on it, and the malware is downloaded automatically.
Due to the sophisticated ways in which hackers hide the malicious intentions of their ads, malvertising has appeared on some of the world’s most well-known websites, giving even the most careful user a false sense of security.
As online advertisements are so popular, a very large number of ads are submitted to ad networks, making it hard to detect every ad containing malicious code. In addition, the ads displayed on a particular page often change very frequently, so two users visiting the same page may not see the same ads, and only one may become the victim of malvertising. This makes it very difficult to track the culprit.
Malvertising and adware are both malicious, and contain ads, but that’s where the similarity ends. Adware is usually installed without a user’s knowledge, or bundled with other software, and runs on the user’s computer. The adware will display ads directly to that particular user. In contrast, malvertising exists on live web pages, and malicious ads are shown to a wide audience. In order to become a victim of malvertising, the user must visit a particular page, or click on the ad.
The first step in the malvertising process is that the hackers create an infected ad. Then, they use an ad network to buy advertising spaces on websites. The hackers provide the network with the infected ads, which are then displayed in the spaces they bought. Sometimes there are numerous parties involved, such as different servers for different types of ads, creating an opportunity for cybercriminals to find a way to infiltrate and inject malicious code into existing ads.
Once a user visits a web page with one of these malicious ads, or clicks directly on the ad, one of the following things could happen, depending on the type of malware with which the ad is infected:
There are no hard and fast rules for identifying malicious ads, as they can look just like legitimate online advertising. With that being said, here are some particularly suspicious things to look out for:
Educate users about cyber threats like malvertising, and provide guidance for how to browse the web safely, including not clicking on suspicious links or ads.
Use an advanced security solution to make browsing the web safer for all users. Remote browser isolation (RBI), for example, allows users to browse the web as normal, while running all active code in an isolated container in the cloud, away from the endpoint. Only safe rendering data is sent to the user’s browser, where they interact with it just as they would with the actual website – only without risk. The container is destroyed once the user stops browsing, along with any malicious code, so it can never reach the end user’s computer at all.
Work only with reputable online third-party ad vendors, especially ones that are known to take proactive steps and precautions to prevent malvertising.