Malvertising: Why All Digital Ads are NOT Created Equal

When you are browsing the internet, do you think twice before you visit reputable sites such as the New York Times, MSN, Spotify, the Weather Network and the NFL?  If you answered “no” you’re definitely not alone, but in the age of malvertising, it’s important to know that virtually no website is completely safe anymore.

Malvertising is an especially sneaky security threat, as you don’t need to click on anything or interact with the infected website in any way.  And otherwise respectable sites are not immune from being infected.  All you need to do is open a webpage that hosts ads and you are more or less at risk.HNCK0906-300x200 Malvertising: Why All Digital Ads are NOT Created Equal

But how do these infected ads get on trustworthy, high-traffic websites you’re wondering? Basically, the bad actors have learned how to exploit the system that places ads across the internet.  With few exceptions, individual websites work with ad networks that handle the bidding process for ad time and then ultimately serve up the ads to page viewers.  So cybercriminals have learned that in order to infiltrate the system, they begin by placing perfectly clean ads with the ad network.  As the network begins to trust the advertiser, the ads get increasing visibility on popular, high traffic sites.  Once this relationship of trust is established and ads are regularly being served up on reputable webpages, the cybercriminals begin inserting malvertising code into their ads and just like that, a site like the New York Times is infecting every single viewer.

Malvertising code, itself, doesn’t threaten your computer directly, but what it does do is open up a channel to criminal servers that can then launch remote attacks and ultimately cause you tremendous headaches and loss of productivity.  But there are things you can do to protect yourself:

  1. Install an antivirus program that can identify and address “exploit kits”. This won’t prevent a malvertising attack, but it should be able to locate and neutralize any security vulnerabilities caused by malvertising.
  2. Uninstall browser plug-ins that you don’t need, as they are inherently the most vulnerable elements of your system.
  3. Ensure you keep all elements of your computer up to date. This includes web browsers, plug-ins and operating systems.
  4. Consider installing ad blocker software.  This isn’t a good solution for everyone, as increasingly more websites limit or prevent access if ad blocker software is detected.

The sad reality is that unless you stop using the internet altogether, there’s probably no sure fire way to avoid malvertising completely.  But if you take these few simple recommended steps, you can significantly decrease your chance of being targeted by cybercriminals.  If you have more questions about preventing a malvertising-related attack, don’t hesitate to reach out to the team at ATB.