Oxford Dictionary defines malvertising as ‘the practice of incorporating malware in online advertisements.’ Short for malicious software, or malware advertising, this is the practice of attacking viewers or consumers with fraudulent information that is inserted into sometimes (but not always) legitimate advertisements.
How Does It Work
Malvertising works in conjunction with the online advertising ecosystem by initiating multiple redirects after the user clicks or views an infected advertisement. This is done by cyber criminals hiding a small bit of code within legitimate advertising content. This can be integrated into ad servers, publishing servers, or other platforms that work together to display online ads. For example, the New York Times publishes content from its writers as well as content that is in partnership with businesses that have hired ad agencies to provide digital ads. This means that there are multiple moving parts that work together to provide the ad interface and content for readers to access the ads. Along with other legitimate sites like the BBC, The Onion, The London Stock Exchange, and many other websites, they have been injected with malicious ads that led to readers being hijacked and redirected to sites demanding a ransom to unlock their computers.
Because of the vulnerabilities of some browsers, the installation of the malware can happen simply by viewing the advertisement. Malvertising isn’t the actual virus, but it can lead to the deployment of one. It is threatening because it isn’t always detected right away – or ever – and it doesn’t require action by the reader or viewer to be deployed and dangerous.
Not All the Same
Malvertising is not the same as ad malware or adware. Adware, short for advertising-supported software) is installed usually without knowledge from the user. This can include pop-up ads that are automatically and repeatedly displayed without the ability to stop or control them by the user.
How Do You Stop It?
Training users to make smart cybersecurity decisions is one of the first lines of defense when it comes to protecting a business from cybercrime. While as an MSP you can provide them with the latest plug-ins and software updates, they must be continually on alert in today’s threat landscape against the tactics that hackers will use to gain access to their network or disable their ability to work.
Breach Secure Now has tools like our Baseline Employee Cybersecurity Assessment that will give insight into the knowledge of a client’s team so that you can help to mitigate any risk. It also provides you with an opportunity to show potential clients where their employee’s cybersecurity knowledge is, and then offer the solution on how to increase their awareness and by doing so, protect their business. If you have questions or want to talk about how to use this tool and our many others that will offset the risk of a breach, contact us today!