Use Advanced Threat Analytics to Defeat Malicious Advertisements
One of the applications of advanced threat analytics is protecting people and devices from malicious advertisements. It has become increasingly common for websites, even well-known and trusted ones, to become victims of malicious advertisements or malvertising.
When a user visits an infected site, the malicious advertisement spreads malware to the user’s devise, compromising it and potentially installing ransomware or other harmful objects. Advanced threat analytics is one way of detecting and avoiding these malicious advertisements.
To distribute malvertising, cybercriminals use legitimate online advertising services. Ad networks produce content for thousands of websites. Hackers understand that they can potentially reach millions of people if they can infiltrate one or more of these online advertising networks. Malicious advertisements can affect any device, including PCs, Androids, and Apple. By exploiting vulnerabilities in an advertising network, cybercriminals can cause the network to deliver malware to its customer’s websites. It’s interesting to note that, as mentioned in Ransomware Delivery Mechanisms Part 1, Lastline identified malvertising as a prominent delivery vehicle for very dangerous types of malware, including ransomware.
Malvertising Often Goes Undetected
Since ad networks quickly rotate the advertisements, and because website owners don’t usually monitor the ads that advertising services place on their website, it is very difficult for organizations to guard against malvertising. Malicious advertisements may reside on a website throughout its entire lifecycle without either the advertising service provider or the website owner knowing it is there.
Widespread malvertising campaigns over the course of the last few years demonstrate the magnitude of the problem. Learn more about malvertising and its prevalence by reading the post on our Labs blog, The Malicious 1% of Ads Served.
Advanced Threat Analytics Detects Malicious Advertisements
One of the best ways to guard against malicious advertisements is through advanced threat analytics. Although browser and operating system developers have responded with enhanced security controls like automated patching and ad blocking, advanced threat analytics is far more effective at identifying malicious advertisements.
Organizations can deploy advanced threat analytics tools to evaluate websites and individual pages to determine if malvertising is present. These sophisticated detection tools spot dangerous advertisements via a number of techniques, including:
- Checking to see if other security vendors or organizations throughout the world have previously blacklisted the website, page, or advertisement as a known malicious entity
- While contained in a safe and isolated environment, loading the web page that contains the advertisement and monitoring all behavior for malicious activities
- Interacting with advertisement code and observing its actions for potential malicious activity
- Checking advertisements for sandbox evasion tactics, or other anomalies like code that attempts to disable security controls or correspond with command and control centers
Malvertising Attacks Will Continue – But They Can Be Defeated
Nearly all websites have ads, but the site owners usually don’t have much control over which ads are displayed—that is handled by the advertising networks. In an attempt to provide the best possible conversion rates, it is the advertising network or service that chooses, often in real-time and specific to each user, which ads get displayed. By compromising a single network advertiser, cybercriminals can spread malware-laden advertisements to hundreds, or even thousands of websites.
These factors make malvertising very attractive to hackers. It is powerful, effective, and profitable. As such, we can expect to see it continue to expand in both volume, frequency, and sophistication.
Fortunately, organizations can use advanced threat analytics to detect and defeat malicious advertisements, blocking them before they can cause serious infection and damage.