The covert content has been aptly dubbed ‘malvertisements’ and has soared by 260% in the first half of 2015 compared to last year’s figures. Of course Yahoo! isn’t the only victim but it does appear to have suffered more than most.
Earlier this month, industry-leading anti-malware and internet security software provider Malwarebytes exposed an underhand new malvertising campaign specifically engineered to attack Yahoo sites. While the search engine was quick to shut down the assault, the group did briefly gain access to the company’s 6.9 billion monthly users. The hackers used this insider status to roll out the Angler Exploit Kit, made notorious during bouts of CryptoWall ransomware and click fraud.
So what exactly are malvertisements and why should we be concerned? Read on as we explore the phenomenon.
A new breed of malware?
James Pleger, research director at RiskIQ, describes malvertisements as “A combination of ‘malware’ and ‘advertisements,’ or simply malware that comes through an advertisement.” If content is both malicious and delivered via an advertisement, it neatly falls into the malvertisement category.
For the majority of users, malvertisements are undetectable. They take on the same seemingly legitimate and indistinguishable appearance as the ads that pop up across websites, blogs and social networks in their thousands. This "hiding-in-the-open" technique lulls users into a false sense of security and makes malvertisements a hugely effective way of overcoming online suspicion and hesitancy.
Lifting the lid on the malvertisements trend
RiskIQ released its latest report at the annual Black Hat cybersecurity and hacking convention in Las Vegas. The San Francisco-based cyber security company analyses around two billion publisher pages and 10 million mobile apps on a daily basis. It used this heavyweight data to reveal the extent of the malvertisements phenomenon that’s currently plaguing Yahoo. In the first six months of 2015, analysts logged a staggering 450,000 malicious ads. This represents a 200,000 increase on last year’s figure of 250,000. The data also indicated that unique malvertisements are on the rise, with the presence of these rising by 60%. Yahoo! is infiltrated with 80,000 of these every six months.
Pleger explains, “The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware.”
Should we be shaking at our keyboards?
So what does the rise in malvertisements mean for the digital world? RiskIQ has grave concerns that the automated nature of the industry leaves users vulnerable to attacks. For sophisticated cyber criminals, concealing malicious code inside ads or embedding web pages with executables is now all too easy.
Users infected by ransomware often discover their hard drive has been encrypted and are directed to pay a fee to unblock it, or find themselves redirected towards websites they wouldn’t otherwise visit.
Unsurprisingly, it’s widely known, used and trusted applications that malvertisements target. RiskIQ revealed that Flash updates were the most commonly used malware download bait, followed by AV and Java updates. These fake software update prompts are now considered the most effective way to covertly install malware, overtaking the popularity of exploit kits.
As for why malvertisements have soared in popularity over the past 12 months – Pleger maintains that it’s simply because they are effective, robust and easy to roll out.
“There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on websites,” he explains. “They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”
So is the malvertisement epidemic here to stay? Yahoo and its fellow web giants are working vigorously to fight malvertisement cyber criminals and inevitably they’ll succeed. But unfortunately, for every ultra-talented security developer there’s a similarly apt cyber criminal dreaming up new ways to target everyday internet users. Staying one step ahead of these digital felons is where the focus needs to be as we enter the final quarter of 2015.
How can users protect themselves?
There are a number of ways users can protect themselves from malvertisements:
- Disable Flash players in all browsers
- Install anti-virus software with malware detection built in
- Install updates for operating systems and applications as they become available