Incident Response, Malware, TDR, Vulnerability Management

Malvertising: An attack that could be easily avoided

As if online advertisements were not enough of a nuisance, a sinister variant is gaining traction.

Fraudulent and malicious advertising – known as malvertising – is among the sneakier threats discussed in the latest set of guidelines released Tuesday by the Online Trust Alliance (OTA), a nonprofit community formed to promote safe internet practices.

Malvertising is a lesser known attack method that is quickly gaining momentum, and it is exactly what it sounds like: online advertising used to spread malware. Ne'er-do-wells are able to distribute the compromised ads to genuine websites by using fraud identities, web hosting accounts and email addresses to trick companies.

What happens next is pretty standard: An unsuspecting user clicks on the advertisement, unknowingly downloads a piece of malware, and consequently begins experiencing any number of problems that might be spurred by the malicious attachment.

“This is a real threat and a real challenge,” Craig Spiezle, OTA executive director and president, told SCMagazine.com on Wednesday. “If that ad gets served, even if it is taken down 24 to 48 hours later, hundreds of thousands have seen it.”

Since attackers use stolen or fraudulent credentials, “it's anonymous and scalable,” Spiezle said of the particularly effective form of attack.

With one piece of malvertising averaging out to a hundred thousand impressions, or views, Spiezle said it is safe to estimate that 10 billion malicious advertisements were seen in 2012, with 42 percent of them coming as drive-by executions without user interaction.

The OTA think-tank analyzed hundreds of malvertising cases and in the end determined that more than 60 percent of instances involving fraudulent ads would have been easily avoidable had the company exercised “operational discipline and a vetting process to make sure the advertiser was legitimate,” Spiezle said.

To mitigate risk, entities that allow advertising are encouraged by the OTA to take a little bit of time to question the situation – asking about ad-serving activities, timing and urgency, corporate and individual identity, and reputation – to get a feel for the promoter.

Other areas explored in the newly issued guidelines include addressing botnets – a typically large network of compromised computers used to carry out illicit tasks – through a coordinated effort involving prevention, detection, notification, remediation and recovery, as well as best practices for web hosting and cloud service providers.

What areas will OTA explore next?

“We need to think about how mobile devices are being compromised,” said Spiezle. “As a result of the surge in mobile usage as a platform, cyber criminals are following the people and the money.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.