Incident Response, TDR

Report: News, entertainment websites serve majority of malvertisements


Malvertising has been on the rise throughout the first half of this year, and the threat is particularly dangerous because it is being used to infect visitors to popular websites, according to the "Endpoint Exploitation Trends 1H 2015" report from Bromium.

In the first half of 2015, researchers observed that malicious advertisements – typically used to distribute malware, oftentimes without any user interaction – impacted news and entertainment websites more than 50 percent of the time.

According to the report, some of those news and entertainment websites included the sites for CBS News, NBC Sports, Weather, Star Tribune, Goodreads and China Times. Meanwhile, search websites made up 12.7 percent of malvertising attacks, and learning websites made up 7.9 percent.

Blocking or preventing malvertising is a significant challenge for security professionals, the report indicated.

“First, volumes of web ads are so high it is impossible to verify them all; and second, the very economy of the web depends on the ad infrastructure and hence blocking or disabling ads or even just slightly changing the advertisement policy is a big deal,” the report said.

Several of the other findings in the Bromium report echo Cisco's "2015 Midyear Security Report": Angler Exploit Kit activity is on the rise, attackers are using macro-based malware embedded in Microsoft Office documents, and vulnerabilities in Adobe Flash Player are being highly targeted by attackers who are using increasingly evasive malware.

Attackers are additionally relaying command-and-control protocol over Tor to skirt detection in the first half of 2015, the Bromium report showed. This is commonly seen with ransomware. Bromium researchers observed about nine new strains in the first six months of this year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.