Written by: Dryden Media Group
Security is always a game of measure vs. countermeasure, and malvertising is no exception. Now that smart attackers have discovered how to twist the nature of online advertising to their criminal ends, awareness and a number of responses are necessary to counter the threat.
Malvertising will thrive as long as it is worth attackers’ money, meaning the Web’s large population of unaware or otherwise susceptible victims will remain at risk. The complexity of the threat means there is no single solution, but important steps can be taken across the board.
First, the ad networks need to do a better job of policing the content they display. When even the largest and best-resourced ad networks, like Google’s, are found to be aiding attackers, it should sound a call to action for the entire industry. Online advertising underpins a huge slice of the Web economy, so it is obviously against many diverse stakeholders’ interests for the public to increasingly associate online ads with malware and abuse.
Secondly, the reputable, high-traffic sites regrettably implicated in malware attacks – because of ad content on their pages that they fundamentally cannot control – will likely press for better content screening at the ad networks’ side. It is conceivable they will even vote with their wallets and prefer to do business with demonstrably more secure ad partners.
Third, individuals and organizations need to keep focusing on awareness of the problem and can turn to a few safeguards, regardless of whether the security of ad networks improves. There are browser settings and plug-ins like AdBlock, for example, which block the dynamic scripts and quiet connections ads use to display dangerous content. However, these changes have the side effect of also disabling useful features and interfaces on popular sites, making them not worth the effort for some users.
According to recent research, many traditional PC defenses like anti-virus and other endpoint protection software cannot reliably stop malvertising attacks. This is because these tools frequently cannot determine in time whether a Flash-powered banner ad, for example (which is not, itself, defined as malicious), is simply serving ad content or something more sinister.
When you consider malvertising-linked outrage, financial losses and device restoration/clean-up costs, you have to agree that the Web’s malicious actors have – unsurprisingly, yet again – proven adept at turning e-commerce’s latest features to their own, criminal ends. Attackers are banking on the reality that we cannot block every ad or hold every ad network to any kind of uniform security screening.
It is therefore even more urgent for influential ad industry figures to step up in response and for CIOs and CISOs to recognize and account for malvertising in the array of threats facing their devices and employees. Without focused action to curtail malvertising, we may soon long for the days when ads only planted songs in our heads instead of malware in our devices.
Rahul Kashyap is Chief Security Architect and Head of Research at Bromium.