In digital ads, the arsenal of tools provided by international mar-tech and PR-tech startups has been pivotal in achieving strategic objectives. While digital advertising and PR tools effectively enhance brand communication, it is crucial to recognize potential digital threats. For instance, “malvertising,” combining “malicious” and “advertising,” suggests a nuisance linked to ads rather than a serious hazard. However, its consequences are significant.
This technique spreads malware through ads on reputable websites, which direct to harmful URLs or download malware disguised as harmless content. This exploits the trust people place in well-known internet services.
In the first half of 2023, Malwarebytes detected over 800 malvertising campaigns, with the real number likely higher. Such attacks have distributed malware like Aurora Stealer and IceID, the latter notorious for enabling Quantum ransomware.
Detecting malvertising is challenging as fraudsters adeptly mimic legitimate brands, making it difficult for users to distinguish between safe and malicious ads. Understanding how malvertising works can provide essential tips for evasion.
The Mechanics of a Malvertising Campaign
Cybercriminals exploit legitimate ad networks to spread malware via banners, pop-ups, or scripts on trusted sites, targeting specific users to boost engagement. Unsuspecting clicks lead to downloads of seemingly safe files that launch harmful programs, infecting devices with viruses, spyware, or ransomware. These attacks may result in data theft, financial fraud, botnet recruitment, or ransom demands. To avoid detection, attackers frequently change the IP addresses of their command and control infrastructure using fast flux techniques.
Deception through Search Engine Ads
In mid-2023, an extortion campaign using malvertising deployed BlackCat/ALPHV ransomware via fake software download pages advertised on search engines. Victims who downloaded and executed an ISO file activated a malware dropper, installing a trojanized DLL with Cobalt Strike. This led to data theft and encryption through a double extortion scheme, all originating from deceptive ads.
Advertising on search engines is simple: advertisers pay a fee and undergo basic security checks, which can fail to detect malicious schemes. In 2022, cybercriminals advertised a counterfeit GIMP site on Google using a similar domain “gilimp.org,” tricking users into downloading Vidar, an info-stealing trojan. This incident underlines the ease of exploiting search engine ads and questions the effectiveness of ad screening.
Strategies and Struggles in Preventing Attacks
Modern PR and ad platforms should take cybersecurity seriously, protecting both advertisers and users. For example, Medialister, an innovative online platform, aims to effectively harness the power of big data to automate the communication of brand narratives through media stories. At the same time, it uses the latest cybersecurity approaches and tools to prevent data breaches. Medialister is in the final stages of SOC2 certification, providing a competitive advantage in its efforts to transform and impact PR and brand communications. Alexander Storozhuk, the platform’s founder, emphasizes the need to carefully select trusted and safe partner platforms in light of rising cyber threats.
Amid rising cyber threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recommended that government agencies use ad-blocking tools. However, these tools have limitations, such as requiring high access levels that could gather sensitive data. Some ad blockers may also allow certain paid advertisements to bypass blocking.
Beyond ad blockers, creating an ‘air gap’ between browsers and operating systems can limit the damage by confining malicious code. Additionally, Alexander Storozhuk stresses the importance of users maintaining vigilance against suspicious ads, verifying website authenticity, and using a DNS firewall and antivirus software to provide layered security against malvertising, thus enhancing defense by blocking harmful content and identifying malware in real time.
To further strengthen protection against cyber threats, it is essential to implement regular security audits and updates. Continuous monitoring for unusual activity within ad platforms can preemptively catch and mitigate potential breaches. Businesses should also educate their staff about the risks of phishing and social engineering attacks associated with digital advertising. Implementing strict access controls and user authentication protocols can further safeguard sensitive data from unauthorized access.
Final Thoughts
Malvertising, often overshadowed by more notorious threats like ransomware, is equally dangerous as it often serves as a gateway for serious cyberattacks. This method combines social engineering, exploitation of legitimate services, and hacking, making it a potent form of online crime. Avoiding such scams is simpler than it seems: be wary of ads with unrealistic promises or spelling errors, verify URLs of landing pages you are directed to after clicking an ad, disable autoplay in browsers, use ad blockers, and do not overlook the value of reliable antivirus software to halt these threats effectively.