Written by: Dryden Media Group
Security is always a game of measure vs. countermeasure, and malvertising is no exception. Now that smart attackers have discovered how to twist the nature of online advertising to their criminal ends, awareness and a number of responses are necessary to counter the threat.
Malvertising will thrive as long as it is worth attackers’ money, meaning the Web’s large population of unaware or otherwise susceptible victims will remain at risk. The complexity of the threat means there is no single solution, but important steps can be taken across the board.
First, the ad networks need to do a better job of policing the content they display. When even the largest and best-resourced ad networks, like Google’s, are found to be aiding attackers, it should sound a call to action for the entire industry. Online advertising underpins a huge slice of the Web economy, so it is obviously against many diverse stakeholders’ interests for the public to increasingly associate online ads with malware and abuse.
Secondly, the reputable, high-traffic sites regrettably implicated in malware attacks – because of ad content on their pages that they fundamentally cannot control – will likely press for better content screening at the ad networks’ side. It is conceivable they will even vote with their wallets and prefer to do business with demonstrably more secure ad partners.
Third, individuals and organizations need to keep focusing on awareness of the problem and can turn to a few safeguards, regardless of whether the security of ad networks improves. There are browser settings and plug-ins like AdBlock, for example, which block the dynamic scripts and quiet connections ads use to display dangerous content. However, these changes have the side effect of disabling useful features and interfaces on popular sites, making them not worth the effort for some users.
According to recent research, many traditional PC defenses like anti-virus and other endpoint protection software cannot reliably stop malvertising attacks. This is because these tools frequently cannot determine in time whether a Flash-powered banner ad, for example (which is not, itself, defined as malicious), is simply serving ad content or something more sinister.
When you consider malvertising-linked outrage, financial losses and device restoration/clean-up costs, you have to agree that the Web’s malicious actors have – unsurprisingly, yet again – proven adept at turning e-commerce’s latest features to their own, criminal ends. Attackers are banking on the reality that we cannot block every ad or hold every ad network to any kind of uniform security screening.
It is therefore even more urgent for influential ad industry figures to step up in response and for CIOs and CISOs to recognize and account for malvertising in the array of threats facing their devices and employees. Without focused action to curtail malvertising, we may soon long for the days when ads only planted songs in our heads instead of malware in our devices.
Rahul Kashyap is Chief Security Architect and Head of Research at Bromium.