Malvertising may sound like something out of a bad sci-fi novel, but in our modern digital age, online advertising is just about everywhere and malware is almost equally pervasive. Whether you’re on social media, streaming, or checking the news, chances are you’ll come across digital advertising while doing so.
We’ve warned you about adware, but malvertising is a different spin on infected ads. However, if you read on we will show you what malvertising is and how to avoid it.
What is malvertising?
Malvertising involves using advertisements to spread malware among devices. We’re no strangers to digital advertising nowadays, and cybercriminals know this. So, by using advertisements to spread malicious programs, it’s easier to trick the victim and the device they’re using.
Malvertising is a relatively new player in the cybercrime game, having only been around for about fifteen years. But the threats of this cybercrime tactic are evident.
Well-designed malvertisements can look like any other benign advertisement you may see online, be it a banner ad, pop-up, or anything else. That means they can be hard to spot. Those who create and distribute such content are known as “malvertisers.”
A malvertiser will often submit their malvertisement to a third party that can display their content for them. The third party will likely have no idea that they’re dealing with something harmful. But in reality, this malvertisement will then be distributed to whoever comes across the third-party site, putting them at risk.
Alternatively, a malvertiser could compromise a third-party server to install malicious code into its advertisements.
The cornerstone of malvertising is the use of exploit kits, or exploit packs. These are used by cybercriminals to exploit security vulnerabilities on a target’s device. In short, they make it easier for an attacker to access and take advantage of systems.
Exploit kits are especially useful for those who don’t have a lot of technical knowledge. Contrary to popular belief, not all cybercriminals are tech-savvy, which has opened up a gap in the dark market. Using an exploit kit, the process of hacking into a device can be made that much easier for the attacker.
The exploit process starts with a landing page, which contains code that can scan a target’s device for any existing security vulnerabilities. If there’s any weakness that can then be capitalized upon, the attacker who purchased the exploit kit will be notified.
Exploit kits commonly exploit vulnerabilities in browser extensions like Java and Flash to target a system. If the exploit is successful, the kit can launch the malicious payload onto the victim’s device, giving the attacker control.
There are a number of notable malvertisement campaigns that have taken place in the past or are taking place right now. Take RoughTed, for example. This huge malvertising campaign reached a peak in 2017 when it was first discovered. RoughTed’s operators were managed to use a range of different techniques to successfully spread malware.
What’s particularly worrying about malvertisements is you don’t need to heavily interact with them for their malware to spread to your device. All it takes is one click of the malvertisement, and the malware can be installed.
So, what can you do to avoid malvertisements and protect your devices?
How to avoid malvertising
Because it can take just one click to fall victim to malvertising, it’s crucial that you know how to avoid it.
Because malvertising uses exploit kits that scan for vulnerabilities, it’s important that you make sure your devies are as protected as possible. This includes using the best antivirus software, firewalls, and removing any software that you no longer use.
It’s also important that you update your apps, and your operating system, on a regular basis. Updates can include fixes for bugs and vulnerabilities that attackers can exploit, so keeping your programs and your device up to date can further protect you from malvertising.
Using some kind of ad blocker can also be useful, as this will help you steer clear of advertisements in general, and will therefore lower the chance of you interacting with a malvertisement.
On top of this, you should limit your use of extensions like Flash and Java, and ensure they’re only active when you’re using them. You can do this by enabling your browser’s click-to-play feature, which will prevent such programs for running unless you want them to.
Google Chrome, for example, has a click-to-play feature that works with all extensions. So, consider using this feature to steer clear of malvertising.
Malvertising is prevalent, but can be avoided
Today, the risk of coming across malvertising should be a concern for all of us. But by employing the correct security measures and staying vigilant online, you can reduce your chances of being hit by malvertising, allowing you to keep your device and your data safe.