Is Your Corporate Data Safe from "Malvertising" Attacks?

Posted by Sagiss LLC on Fri, May, 29, 2015 @ 14:05 PM




How Does Malvertising Differ from other Malware and Ransomware?

We all know those people—the ones whose “History” folder is empty more often than not and whose computers mysteriously contract one virus after another in a slew of mind-boggling attacks. We offer an empathetic nod as they chalk it up to lousy luck or the wrath of the computer gods, all while thinking, “Mhm, buddy, I don’t think it’s the computer God who is judging you”. 

So, what about the rest of us? Those of us who avoid seedy back-alleys of the Internet and boast hefty History folders can sleep soundly at night knowing our fragile machines are safe from destructive malware…right?

Enter “malvertising”, one of the shadiest forms of malware that can and does infect even the best of us. As the name suggests, malvertising is short for “malicious advertising”—fraudulent ads containing malware that hide in plain site on even the most reputable of websites (think Yahoo and Youtube).

Profiting from the chaotic, laissez-faire nature of modern-day Internet advertising, in which ads are bought and sold in mere milliseconds by automated trading programs with scarce accountability, these ads are increasingly snagging unsuspecting web surfers. According to the Online Trust Alliance, a global, non-profit organization that provides guidelines for online businesses, in 2013, 12.4 billion malicious ad impressions occured--a 225 percent increase from 2012. Either through deceitful “social engineering”, (see the “Kyle and Stan” fiasco of this past September), or “drive-by” downloads, where the victim becomes infected simply by visiting a webpage, these lurking disasters spell trouble even for the most conscientious of users.


How to Protect Enterprise Data

With the odds stacked so heavily against you, protecting yourself from malvertising can seem like an insurmountable challenge. After all, how do you fight something that’s invisible, lingers in the shadows of your favorite websites, and has its beady little eyes set right on you? Luckily, there are proactive steps you can take in order to block malvertising before it has a chance to sink its grimy claws into your system.

  1. Make sure that you have solid antivirus software that is both up to date and comprehensive. This will prohibit most malware from installing and also eliminate any malware that may have slipped past its initial defenses.
  2. Make sure your web browser and browser plugins (such as Java or Adobe Flash), as well as operating systems are up to date in order to ensure that any known flaws are fixed. Malvertising viruses slither into your computer by way of these flaws. You want your systems to be airtight.
  3. Furthermore, opt for “click-to-run” browser settings so that Flash ads don’t play automatically or disable Java (but not Javascript) in all or most browsers.
  4. Set browsers to flag malicious content on a Web Page. For example, Google Chrome can detect phishing and malware: In “Settings”, click “Show Advanced Settings”, scroll down to the Privacy section and click “Enable Phishing and Malware Protection”. Voila!
  5. Create multiple user accounts with different privileges on each computer. Give one account administrative rights to install and modify software and use it only for these purposes. For web browsing and other online activities, use limited accounts that cant install software.


Further Reading:

3 Telltale Signs Your Data is Being Hacked

References: Honorof, Marshall. "'Kyle and Stan' Malvertising Hits Amazon, Yahoo, YouTube." Tom's Guide. 10 Sept. 2014. Web. 28 May 2015. Scharr, Jill. "Malvertising Is Here: How to Protect Yourself." Tom's Guide. 5 Nov. 2014. Web. 28 May 2015. Kashyap, Rahul. "Why Malvertising Is Cybercriminals' Latest Sweet Spot." Conde Nast Digital. Web. 28 May 2015