Malvertising
Data Protection
Definition
Malware distribution through compromised online advertisements on legitimate websites.
Technical Details
Malvertising is a technique used by cybercriminals to distribute malware via online advertisements. It often involves embedding malicious code within legitimate ad networks or using compromised ad servers. When users visit a website that displays these ads, the malicious code can exploit vulnerabilities in the user’s browser or operating system, leading to malware installation without the user's knowledge. This can happen through drive-by downloads, where malware is downloaded automatically when the ad is viewed, or through redirection to malicious websites. Malvertising can be particularly difficult to detect because the ads are served from reputable networks, making them appear legitimate.
Practical Usage
Malvertising is commonly used in various cyberattack strategies. For example, attackers may use malvertising to distribute ransomware, steal personal information, or deploy spyware. Companies may implement ad blockers or utilize security solutions that scan ads for malicious content to mitigate the risks associated with malvertising. Additionally, organizations often conduct training for employees to recognize suspicious ads and understand the importance of secure browsing habits.
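As an added illustration (not code from this glossary or from any vendor), the sketch below shows the kind of static check an ad-scanning tool might run on creative markup to flag the redirection and hidden-frame behaviours described under Technical Details. The allowlisted hosts, rule names and sample creatives are all constructed assumptions.

```javascript
// Hosts this ad slot is expected to load code from (constructed assumption).
const ALLOWED_HOSTS = new Set(["ads.example.net", "cdn.example.net"]);

// Heuristic patterns, one per suspicious behaviour.
const RULES = [
  // Script that navigates the embedding page away from the publisher's site.
  { id: "forced-redirect",
    re: /\b(?:window\.)?(?:top|parent)\.location(?:\.href)?\s*=(?!=)|\.location\.replace\s*\(/i },
  // Redirect without script, via <meta http-equiv="refresh">.
  { id: "meta-refresh", re: /<meta[^>]+http-equiv\s*=\s*["']?refresh/i },
  // Zero- or one-pixel or invisible iframe, a common carrier for drive-by content.
  { id: "hidden-iframe",
    re: /<iframe\b[^>]*(?:(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden)/i },
  // Code that is decoded and executed at run time.
  { id: "obfuscated-eval", re: /\beval\s*\(\s*(?:atob|unescape)\s*\(/i },
];

// Collect the hostnames that <script src> and <iframe src> would load from.
function externalHosts(markup) {
  const hosts = [];
  const re = /<(?:script|iframe)\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(markup)) !== null) {
    try { hosts.push(new URL(m[1], "https://ads.example.net/").hostname); }
    catch { hosts.push("(unparseable)"); }
  }
  return hosts;
}

// Return the list of findings for one ad creative; an empty list means no rule fired.
function scanCreative(markup) {
  const findings = RULES.filter((r) => r.re.test(markup)).map((r) => r.id);
  for (const host of externalHosts(markup)) {
    if (!ALLOWED_HOSTS.has(host)) findings.push("off-allowlist:" + host);
  }
  return findings;
}

// Constructed sample creatives (not taken from any real campaign).
const SAMPLES = {
  benign: '<a href="https://shop.example.org/sale"><img src="https://cdn.example.net/banner.png"></a>',
  redirect: '<script>top.location.href="https://landing.invalid/x";</script>',
  iframe: '<iframe src="https://kit.invalid/gate" width="1" height="1"></iframe>',
};

function scanAll() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([k, v]) => [k, scanCreative(v)]));
}
console.log(scanAll());
```

Static pattern checks like these miss code that is assembled only at run time, so they complement rather than replace rendering the creative in an isolated environment.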
Examples
- In 2016, a malvertising campaign was identified that used the popular ad network 'AdYield' to serve malicious ads on legitimate websites, leading to the distribution of the Angler Exploit Kit.
- In 2017, the 'Coinhive' malvertising incident involved ads that redirected users to a site that would mine cryptocurrency using their CPU power, without their consent.
- The 'Locky' ransomware was distributed via malvertising where users were redirected to a site hosting the ransomware payload when they clicked on the infected ads.