Zero-Day, Angler kit exploits help drive up malvertising by 325%


Malvertising has seen a massive uptick over the last few years and is becoming so popular that it may become the top technique used for drive-by attacks, according to Cyphort Labs' The Rise of Malvertising report.

The 325% spike can be attributed to a combination of more zero-day exploits and new technology making malvertising more effective, Nick Bilogorskiy, Cyphort's director of security research, said in an email correspondence Tuesday.

“The increase is likely driven by recent proliferation of new zero-day exploits, which increased the efficiency of malvertising and made that technique more appealing for attackers,” he said, adding, “We see groups behind exploit kits like Angler constantly update and mutate their kits adding new techniques to avoid detection.”

Cyphort compiled the results from an analysis of 100,000 popular websites each month and discovered between 100 and 400 malvertising-related incidents monthly.

The Association of National Advertisers has estimated that the total dollar damage from ad fraud caused by malvertising could top $6.3 billion in 2015, but the Cyphort report did not put an exact monetary figure on losses suffered by consumers. Still, Bilogorskiy said it is likely huge.

“The damage to the consumer could be massive, as their machine will get infected by malware, which could extort a ransom payment (Cryptowall) or steal their credit card/banking information. The dollar cost of the infection per consumer is the same as in other attacks, but the total number of consumers impacted is very large,” he said.

The report noted that the biggest malvertising incident it found involved the Huffington Post in January 2015, when Cyphort Labs detected a compromise of the AOL Ad Network that it said was conducted by the Kovter gang.

The company predicted the success enjoyed by cybercriminals using malvertising will lead to more attacks in the future.

“Malvertising is likely to become the most favorable vector for cyber criminals to conduct sophisticated drive-by attacks on Internet users with some degree of selective targeting. For example, they can choose hosting sites to target victims by industries and interest groups; they can further select individuals by geo locations and client machine types,” the report stated.
