Malicious advertising may seem like something out of a bad sci-fi novel, but in our modern digital age, online advertising is just about everywhere and malware is almost as prevalent. Whether you’re on social media, streaming, or checking the news, chances are you’ll encounter digital advertising while doing so.
We warned you adware, but malicious advertising is a different version of infected advertising. However, if you keep reading, we’ll show you what malicious advertising is and how to avoid it.
What is Malicious Advertising?
Malicious advertising is the use of advertisements to spread malware between devices. We’re no stranger to digital advertising these days, and cybercriminals know it. Thus, by using advertisements to deliver malware, it is easier to deceive the victim and the device they are using.
Malicious advertising is a relatively new player in the cybercrime game, having only been around for about 15 years. But the threats of this cyber crime tactic are obvious.
Well-crafted malicious ads can look like any other benign advertisement you may see online, whether it’s a banner ad, pop-up window, or something else entirely. This means they can be difficult to spot. Those who create and distribute this content are known as “malvertisers”.
A malvertiser will often submit their malicious advertisement to a third party who can display their content for them. The third party will probably have no idea that they are dealing with something dangerous. But in reality, this malicious advertisement will then be distributed to whoever come across the third party site which will put them in danger.
Alternatively, a malvertiser could compromise a third-party server to install malicious code in their advertisements.
The cornerstone of malicious advertising is the use of exploit kits or exploit packs. These are used by cyber criminals to exploit security vulnerabilities on a target’s device. In short, they make it easier for an attacker to access and exploit systems.
Exploit kits are especially useful for those who don’t have a lot of technical knowledge. Contrary to popular belief, not all cybercriminals are tech-savvy, which has opened up a gap in the black market. Using an exploit kit, the process of hacking a device can be made much easier for the attacker.
The exploit process begins with a landing page, which contains code that can scan a target’s device for any existing security vulnerabilities. If there is a weakness that can then be exploited, the attacker who purchased the exploit kit will be notified.
Exploit kits typically exploit vulnerabilities in browser extensions such as Java and Flash to target a system. If the exploit is successful, the kit can launch the malicious payload on the victim’s device, giving control to the attacker.
There are a number of notable malvertising campaigns that have taken place in the past or are ongoing. Take RoughTed, for example. This huge malvertising campaign reached its peak in 2017 when it was first discovered. RoughTed operators have managed to use a range of different techniques to successfully distribute malware.
What’s particularly worrying about malicious ads is that you don’t need to interact strongly with them for their malware to spread to your device. All it takes is one click on the malicious advertisement and the malware can be installed.
A number of different types of malware can be installed on a device via malicious advertising, including Spyware, Ransomwareand viruses.
So what can you do to avoid malicious ads and protect your devices?
How to Avoid Malicious Ads
Because it only takes one click to fall victim to malicious advertising, it’s essential that you know how to avoid it.
Since malicious advertising uses exploit kits that scan for vulnerabilities, it’s important that you make sure your devices are as protected as possible. This includes the use of best antivirus softwarefirewalls and removing any software you no longer use.
It is also important that you update your applications and operating system regularly. Updates may include fixes for bugs and vulnerabilities that attackers can exploit. So, updating your programs and device can further protect you from malicious ads.
Using some sort of ad blocker can also be helpful, as it will help you avoid ads in general and therefore reduce the chances of interacting with malicious advertising.
On top of that, you should limit your use of extensions like Flash and Java, and make sure they’re only active when you’re using them. You can do this by enabling your browser’s click-to-play feature, which will prevent these programs from running unless you want them to.
Google Chrome, for example, has a click-to-play feature that works with all extensions. So consider using this feature to avoid malicious ads.
Malicious advertising is common, but can be avoided
Today, the risk of encountering malvertising should concern us all. But by using the proper security measures and staying vigilant online, you can reduce your risk of being hit by malicious ads, helping to keep your device and data safe.