Malvertising is a unique kind of online threat where malware is spread to users' devices through ads. In other words, advertisements act as carriers, transmitting harmful links via websites that users typically trust and regard as reputable.
Malvertising attacks are effective because they trick users into willingly clicking harmful links. Attackers study search audiences that share particular interests and infiltrate the results those users see. As a result, users, driven by their passions and interests, end up downloading harmful content, unaware of the lurking threat.
Attackers bypass the user's defense mechanisms because there are no immediate warning signs of danger from the website or search engine. In addition, the download of the malicious code does not happen right away. It is during the second stage, when the individual has psychologically let their guard down, that the harmful download occurs.
Hackers often employ scripts and macros to carry out malvertising attacks. In particular, the attackers used to hone their techniques using Microsoft Word macros. Originally designed to boost productivity, macros have been manipulated by cybercriminals to serve their malicious purposes. As a result of this misuse, Microsoft decided to cease developing and promoting this potent functionality. However, getting rid of similar scripting mechanisms on the Internet turned out to be impossible. The inability to completely eliminate such scripts is a primary reason for the increasing commonality of malvertising attacks in recent times.
Let's look at an example of a cyberattack. Attackers
The infection process starts as soon as the user downloads and installs the software from a fraudulent site. For example, alongside the legitimate version of Python, a Trojan-infected version is also installed on the operating system. This Trojan then establishes a
Using PsExec,
Beyond attacks involving software downloads, malvertisers are also targeting various lucrative sectors of the online industry, such as entertainment and finance. They entice users to phishing sites where unsuspecting individuals believe they are investing their money into legitimate businesses. However, in reality, they are unwittingly handing over their funds directly to the hackers.
To place an advertisement in search results, you simply need to pay a fee and go through a preliminary verification process. The ease of implementing this procedure is well known. For example, in November 2022, it came to light that
In response to this and other attacks,
It has been observed that there are persistent challenges in detecting malvertising code using antivirus tools. This issue is mainly attributed to the fact that, as reported by WatchGuard, a significant
In 2020, a significant incident occurred where malicious links spread through
Clearly, when conducting malvertising attacks aimed at a specific group of victims, there must be a specific method for choosing these targets. Such a mechanism does indeed exist and is actively employed.
Attackers employ a variety of tactics to evade detection for as long as possible. When selecting a method for delivering online advertising, they often use a camouflage approach. This involves tailoring content to match the user's interests, preferences, and location.
In essence, the attacker needs a specific trigger that engages the right type of user while concealing the presence of malicious code during checks. To achieve this, various parameters exposed by web browsers are used, including location data (such as country and city), the browser type (e.g., Chrome, Firefox, or a search engine crawler), the IP address (whether it is private, corporate, or a VPN), and the current time of day (working hours or the weekend). If any of these parameters do not align with the attack's objectives, the script displays a harmless page that raises no suspicion and may even redirect to official websites.
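The gating described above has a practical consequence for defenders: a single scan from a corporate network or a crawler sees only the decoy. One detection approach is differential fetching, in which the same landing URL is retrieved under several visitor profiles and the responses are compared. The following is an added example and not code from the original article; the cloaked landing page is a constructed stand-in that reproduces only the checks the text lists, and the profiles, page contents and `Profile` fields are assumptions for the demonstration.

```python
"""Differential fetching to expose a cloaked malvertising landing page.

Added example; not code from the original article. The landing page is a
constructed stand-in that mirrors the article's description (geography,
user agent, network type, time of day). The detector fetches the same URL
under several scanner profiles and flags content that diverges.
"""
from dataclasses import dataclass
from hashlib import sha256
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Profile:
    """One synthetic visitor identity used for a scan pass (assumed fields)."""
    name: str
    country: str
    user_agent: str
    network: str      # "residential", "corporate", "vpn" or "datacenter"
    hour: int         # local hour, 0-23
    weekend: bool


# Constructed page bodies standing in for the decoy and the real landing page.
BENIGN_PAGE = "<html><body>Official download page. Redirecting to vendor...</body></html>"
PAYLOAD_PAGE = "<html><body><a href='setup-installer.exe'>Download now</a></body></html>"


def simulated_cloaked_page(p: Profile) -> str:
    """Constructed stand-in for a cloaked landing page.

    Serves the payload only to a residential visitor in the targeted country,
    on a mainstream browser, outside office hours; everyone else gets the
    decoy. This reproduces the gating the article describes, nothing more.
    """
    ua = p.user_agent.lower()
    is_bot = "bot" in ua or "crawler" in ua or "headless" in ua
    office_hours = 9 <= p.hour < 18 and not p.weekend
    if p.country != "US" or is_bot or p.network != "residential" or office_hours:
        return BENIGN_PAGE
    return PAYLOAD_PAGE


def simulated_honest_page(p: Profile) -> str:
    """Constructed stand-in for a page that serves everyone the same content."""
    return BENIGN_PAGE


# Constructed scan profiles: vary exactly the signals the cloaker keys on.
SCAN_PROFILES: List[Profile] = [
    # A typical automated scanner: datacenter IP, bot UA, weekday business hours.
    Profile("scanner", "US", "Mozilla/5.0 (compatible; SecurityBot/1.0)", "datacenter", 11, False),
    # A corporate analyst looking at the ad from the office.
    Profile("analyst", "US", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0", "corporate", 14, False),
    # A home user in the targeted country on a Sunday evening.
    Profile("home-user", "US", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0", "residential", 20, True),
    # The same home-user profile from a different country.
    Profile("home-user-de", "DE", "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0", "residential", 20, True),
]


def detect_cloaking(fetch: Callable[[Profile], str], profiles: List[Profile]) -> Dict[str, object]:
    """Fetch the page under each profile and group profiles by content hash.

    Returns a report: 'cloaked' is True when more than one distinct response
    was observed, and 'variants' maps each (truncated) content hash to the
    profiles that received it, so an analyst can see which audience got the
    odd one out.
    """
    variants: Dict[str, List[str]] = {}
    for p in profiles:
        digest = sha256(fetch(p).encode()).hexdigest()[:12]
        variants.setdefault(digest, []).append(p.name)
    return {"cloaked": len(variants) > 1, "variants": variants}


if __name__ == "__main__":
    print(detect_cloaking(simulated_cloaked_page, SCAN_PROFILES))
    print(detect_cloaking(simulated_honest_page, SCAN_PROFILES))
```

In a real deployment `fetch` would issue HTTP requests through exit points and user-agent strings matching each profile, and scheduling passes at different local times covers the time-of-day check; the comparison logic stays the same. A page that legitimately localizes content will also show variants, so the report lists who received which version rather than issuing a verdict on its own.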
To evade detection by antivirus tools, attackers occasionally exploit limitations within software products. For example, many antivirus programs often postpone scanning large files, typically those exceeding 100 MB.
Clearly, the most effective defense against malvertising attacks would be for the search networks to take action. However, Google and many websites rely heavily on revenue generated from ads. The owners of Internet resources are not inclined to combat malvertising even if it risks damaging their reputation. They often attempt to shift the blame onto ad networks.
End users have the option to employ ad blockers on their devices. However, this approach also presents several challenges. Ad elements are often deeply intertwined with the page code, causing the site to function incorrectly when ads are removed. Furthermore, some website owners intentionally block users with ad blockers to safeguard their revenue.
The growing number of incidents prompted the US Federal Cybersecurity and Infrastructure Security Agency (CISA) to
There is a proposal for both private and government organizations to adhere to industry security standards when using web browsers. The variety of web browsers and their different versions in use provides attackers with numerous avenues for exploitation.
Another suggestion is to isolate the web browsers installed within institutions from the primary operating environment and operate them within sandboxes. Additionally, there is a recommendation to extensively leverage domain name system (DNS) technologies.
Web content filtering can also be deployed to prevent malware from entering through online advertising and to neutralize data collection threats. To block undesirable traffic at Internet access points, some tools employ artificial intelligence to detect and identify threats.
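The DNS-based and access-point filtering recommended in the two paragraphs above comes down to one check: is the name a client is resolving covered by a policy entry, either exactly or through one of its parent domains? The following is an added example and not code from the original article or any specific product; the blocklist, allowlist and resolver log lines are constructed, and the log format is an assumption.

```python
"""DNS-layer filtering of ad and malvertising domains.

Added example; not code from the original article. The blocklist and the
query log lines are constructed for the demonstration. The filter matches
a queried name against a blocklist the way a response policy zone does:
the exact name and every parent domain, so a throwaway subdomain of a
blocked tracker domain is still caught.
"""
from typing import Iterable, List, Optional, Set, Tuple

# Constructed blocklist: the kind of feed a resolver would load as a policy zone.
BLOCKLIST: Set[str] = {
    "ads-tracker.example",
    "cdn-promo.example.net",
    "fake-installer.example.org",
}

# Constructed allowlist that takes precedence (a business-critical name).
ALLOWLIST: Set[str] = {"status.cdn-promo.example.net"}


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Ads.Example.' == 'ads.example'."""
    return name.rstrip(".").lower()


def matched_policy(qname: str) -> Optional[str]:
    """Return the blocklist entry covering qname, walking up the label tree.

    'x.y.ads-tracker.example' is checked as itself, then 'y.ads-tracker.example',
    then 'ads-tracker.example'. An allowlisted name, or any name beneath one,
    is never blocked. None means the query passes.
    """
    name = normalize(qname)
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ALLOWLIST:
            return None
        if candidate in BLOCKLIST:
            return candidate
    return None


# Constructed resolver log lines in an assumed "<ts> <client> <qname> <qtype>" layout.
SAMPLE_LOG = """\
2024-05-01T09:12:01Z 10.0.0.12 www.example.com. A
2024-05-01T09:12:03Z 10.0.0.12 r7.ads-tracker.example. A
2024-05-01T09:12:04Z 10.0.0.31 status.cdn-promo.example.net. AAAA
2024-05-01T09:12:05Z 10.0.0.31 dl.fake-installer.example.org. A
2024-05-01T09:12:09Z 10.0.0.44 cdn-promo.example.net. A
"""


def filter_queries(log_lines: Iterable[str]) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Split queries into allowed names and blocked (client, qname, policy) tuples.

    A resolver enforcing this policy would answer the blocked queries with
    NXDOMAIN or a sinkhole address; here they are collected for review.
    """
    allowed: List[str] = []
    blocked: List[Tuple[str, str, str]] = []
    for line in log_lines:
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        policy = matched_policy(qname)
        if policy is None:
            allowed.append(normalize(qname))
        else:
            blocked.append((client, normalize(qname), policy))
    return allowed, blocked


if __name__ == "__main__":
    ok, hits = filter_queries(SAMPLE_LOG.splitlines())
    print("allowed:", ok)
    for client, name, policy in hits:
        print(f"blocked {name} from {client} (policy: {policy})")
```

The suffix walk is what makes the control hold up against the rotating subdomains ad networks and malvertisers use; the allowlist check runs first at every level so a sanctioned host under a blocked zone is not collateral damage.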
While ad blockers are useful, to further strengthen your personal cybersecurity and protect against malvertising, it is crucial to employ additional methods. Here are some examples:
Malvertising methods are widely used to install malware. These attacks also extend to online platforms involving financial transactions, including retail, financial services, and the entertainment industry. Google Ads stands out as a prominent conduit for malicious advertising. Being aware of malvertising threats can diminish their impact, yet to ensure adequate protection, a combination of technical measures is essential.