Hidden in plain sight: malvertising

People are placing good ads online and swapping in malicious code.


Wanna feel old?

It’s been 10 years since the first malvertising was discovered on the now defunct MySpace and Rhapsody websites. If you’re feeling even older because you don’t recognize the term, malvertising is any use of online ads to distribute malware or scams with little or no user input.

Sound like something you’d never see on the fine, upstanding websites you frequent? Justin Dolly, CISO at Malwarebytes, says think again.

“We all think that most of the malware, most of the malvertising and so on is probably in the darker corners of the Internet where we assume our users don’t go when they’re at work,” said Dolly during his keynote at the recent Security Insight Summit. “There is an awful lot of malware in those environments as you can imagine. But there’s also a ton of it in all of the places that people go absolutely every day.”

There is a ton. In fact, you could say malvertising is a bit of a growth market. In the first half of 2015 alone, malvertising increased by 260 percent compared to all of 2014 [RiskIQ]. Google alone disabled 780 million ads, an increase of 50 percent over 2014.

But how exactly does malvertising work?

“Advertisers sign up with an ad network. They bid in real time to get their ad selected — here’s my ad, I really want you to put it up on your website,” said Dolly. “They will write out a good ad, they will get you to trust them…and then they’ll switch to a malicious ad later because, you know, they’re patient.”

Will malvertising affect your company and employees? The law of numbers says one day, it probably will. So Dolly recommends the following steps to be prepared.

* Keep your software patched – your operating system, third-party apps and traditional AV.
* Remove any software that you do not use.
* Consider using ad blockers.
* Run the latest browsers.
* Use an effective anti-exploit technology.
* Take the time to educate employees on good security behaviors.

“It represents the thought leadership of your company that security is something your company cares about,” said Dolly. “And if you’re talking about it, the message will get through. It will resonate.”

If you’re interested in attending or learning more about the 2017 Security Insight Summit, visit the summit website for details.
