How to Protect Your Company Against Malvertising
In the late 2000s, when computers and the Internet were becoming part of our daily lives, cybercriminals injected malware into DoubleClick, Google’s advertising network.
Although malvertising on the Internet has been around for a long time, this cyberattack delivered malware via advertisements on high-traffic web pages, infecting many users.
This is how malvertising, or malicious advertising, began to develop, becoming increasingly sophisticated and becoming, even today, a threat to users and companies.
Malvertising is the technique by which cybercriminals inject malware into Internet advertisements. These types of malicious advertisements are made in such a way that they encourage the victim to click on them. If they do, they automatically download malware to the device or redirect the user to a malicious web page.
What forms of malvertising can we find?
Although the purpose of this type of attack is the same, we can enter into different types of malicious advertising on the Internet.
The most common are ads, for example, banners, which automatically download malware to the device when clicked without the user’s consent. Once downloaded, the cybercriminal could perform malicious actions on the victim’s device.
Others are configured in such a way that they redirect the user to another web page with malicious content. From there, an attempt will be made to trick the victim into downloading malicious software.
This situation is dangerous in any case, but even more so regarding enterprise devices. Downloading malware can compromise confidential business information, even demanding financial ransoms ( ransomware ).
The ad’s content can vary, but cybercriminals usually use social engineering to lure their victims: incredible discounts or unique opportunities through an eye-catching format that turns out not to be real.
Ads reporting updates or other security warnings are also common, and while they may appear legitimate, they also contain malware. In fact, if we think about it, it is ironic to infect our “healthy” device by clicking on a “Your computer could be infected.”
In any of these cases, cybercriminals use a lure to perpetuate their attack; that is, they need the victim’s interaction, but clicking to fall into their trap is not always necessary. Drive-by Download attacks work in a way that is virtually invisible to the user.
By simply accessing the website where the malicious ad is hosted, cybercriminals could exploit vulnerabilities in the browser or device to gain control of the victim’s computer.
How can malvertising affect my organization?
Malvertising is aimed at any user likely to fall victim to it. This also affects companies, whose employees often surf the Internet via company devices. Downloading malware onto corporate computers can be a big risk. Still, it’s not the only way malvertising can affect an organization.
In addition to the role of the victim, a company could unknowingly adopt the role of an attack channel. Cybercriminals often use the popularity of trusted companies to host malvertising on their web pages, attracting more potential victims.
Also, through social engineering, they manage to impersonate well-known brands and misuse them to perpetuate their attack. In any case, being part of the chain of this attack can mean economic losses for the organization, customers, and investors and even incur legal responsibilities.
But if this technique is getting increasingly sophisticated, how can we distinguish malvertising from real one?
To avoid this trap, all company personnel must be aware and follow some basic guidelines to differentiate malvertising from real advertising.
In general, malvertising can be avoided by applying common sense. Legitimate ads usually come from a legitimate company, a well-known company. If the source cannot be identified, it is probably malvertising.
It is also important to analyze the language and form of the ad. In malvertising, flashy or alarmist messages are often used to attract the victim’s attention. It’s important to remember that if it’s too good to be true, it’s best to avoid it.
Cybercriminals often use pop-ups to draw users’ attention to malvertising. Usually, it is better to close these types of ads directly and avoid clicking on them.
Finally, it is important to check the URL of the destination web page. The ads will have a friendly URL, easily identifiable to the trusted website. If the web address is suspicious, it is best to avoid it.
What protection measures can we take to avoid being victims of malvertising?
It is important to consider a series of good practices to prevent our company’s equipment from being affected by malvertising, putting the organization’s security at risk.
- Always verify the legitimacy of the websites that are visited. Before accessing any website, it is essential to ensure it is a legitimate page. Although these can also contain malvertising, some less secure ones are more likely to be infected.
- Keep the software updated to the latest version. As we always repeat, the vulnerabilities of outdated software are an open door for cybercriminals.
- Use appropriate protective measures. In addition to antivirus and firewalls, there are ad blockers in browsers that can largely filter out malvertising.
- Never reveal personal information through advertisements. Although it may appear to come from a legitimate website, it could be a scam.
- Raise awareness among all employees and train them to learn to distinguish between real and malicious advertising.
In addition, companies whose activity is on the Internet must ensure their web page does not present malicious advertising. If a user were a victim of malvertising through an ad hosted on a company’s website, the company’s reputation and credibility would be seriously affected, and the trust of customers could be lost.