13 December 2015

Malvertising: The Hack That Infects Computers Without A Click

December 10, 2015 · by RC Porter ·
www.fortunascorner.com
Joseph Cox had an interesting but worrisome article on WIRED.com on December 9, 2015, about the threat of malvertising: a way for hackers to breach your device without you even making the mistake of clicking a malicious link. In malvertising, “hackers buy ad space on a legitimate website and, as the name suggests, upload malicious advertisements designed to hack the site visitor’s computers,” Mr. Cox wrote. There is “a booming trade in malvertising: where cyber criminals rent out ads on sketchy corners of the Internet and popular sites alike — in order to infect the computers of people as they can,” he added.
Plenty Of Popular Sites Have Been Targeted

“Malvertising dates back to at least 2009, when some visitors to The New York Times were met with a pop-up posing as an anti-virus scanner,” Mr. Cox notes. “In the background of The Daily Mail, third-party advertisements were surreptitiously and automatically redirecting readers to powerful exploit kits, designed to install malware on their computers. The Daily Mail attack was only one of many recent examples to hit mainstream sites. Popular porn sites like You Porn and PornHub dished out malicious ads in September as well, and a month earlier, The Huffington Post, a site with 100 million unique monthly visitors, was serving up malware. Both The Drudge Report and Yahoo were also hit by malvertising campaigns this year, and Forbes fell victim in September,” Mr. Cox wrote.

“If this all sounds like a lot,” Mr. Cox writes, “it’s because it is: Researchers at the malware security company Cyphort reported a 325 percent increase of malvertising attacks between June 2014 and February 2015.”
How Malvertising Works

“Although each attack can vary, malvertising follows a fairly standard process,” WIRED.com notes. “First, an attacker signs up on an ad network. These are the companies that pump ads into the site you use, and which sell ad space to companies that want to show off their products. They act as middlemen between the website wishing to sell its spare ad space, and the party with the advertisement. The ad creator uploads their content to the ad network’s central server, which then sends the ad’s code off to the website when needed.





“Next, the hacker takes advantage of this exchange, impersonating a reputable business to upload their own ad — most likely a Flash-based piece of content, or one that contains a load of malicious Javascript,” according to Jerome Segura, a senior security researcher at Malwarebytes. “When you visit the site, the kind of ad you’re served is determined when you arrive. This is done through a process called Real Time Bidding (RTB): ad buyers pay for a certain number of ad impressions beforehand, and for a specific user demographic. Then, when someone visits the site, whoever has the biggest bid for that particular demographic of user wins, and gets their ad served on this site.”





“But, if it’s a case of malvertising, once you load the page,” Mr. Cox warns, “the ad appears and its code then redirects you to a webpage hosting an exploit kit, without you even clicking on the ad. This will likely happen in the background, through an iFrame — a piece of web content invisible to the naked eye — without any interaction from you. In fact, it might not even be obvious that it is happening at all.”





“The landing page’s job is essentially to determine if there are any vulnerable plugins within the computer,” Segura said. “It might see what web browser you are using, then look for Flash, or another piece of vulnerable software.”





“Finally,” Mr. Cox writes, “the page will push the exploit, and download to your computer whichever malware the attacker is using. Malvertising sometimes delivers ransomware, the crafty hack that locks a computer’s files until the victim pays a fine, while other forms of malvertising send out banking trojans to steal financial information.”





“It is important to note that not everyone visiting an affected site is guaranteed to get hacked,” Mr. Cox says. “Indeed, some ads will only load for people in certain countries or demographics — because of targeted RTB. And, if you have taken adequate protections, your computer might not even be vulnerable to that particular attack at all. That said, many malvertising campaigns use the popular Angler exploit kit, which according to a recent Cisco report, can have a success rate of up to forty percent globally. On top of this,” Mr. Cox adds, “a spate of recent attacks have used zero-day exploits, which means that even fully up-to-date software could be compromised — but attacks using those are relatively rare at this point,” he says. “More recently, hackers have been taking advantage of HTTPS, making it more difficult to track them down.”
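
As an added illustration (not from the WIRED article or this post), the sketch below shows the kind of static check an ad network or publisher could run on submitted ad markup to flag the invisible iframes described above. The sample markup, the `.example` hosts, and the size and CSS thresholds are constructed assumptions.

```python
from html.parser import HTMLParser
import re

# Constructed sample creative: a visible banner, one off-screen 1x1 iframe,
# one normal-sized iframe, and one iframe hidden with display:none.
SAMPLE_CREATIVE = """
<div class="banner"><img src="https://ads.example/banner.png" width="300" height="250"></div>
<iframe src="https://landing.example/gate" width="1" height="1"
        style="position:absolute; left:-9999px"></iframe>
<iframe src="https://video.example/player" width="300" height="250"></iframe>
<iframe src="https://tracker.example/x" style="display: none"></iframe>
"""

# Inline CSS patterns that make a frame invisible or push it off-screen.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}", re.I)

def _tiny(value):
    """True if a width/height attribute is 0 to 2 pixels (assumed threshold)."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 2

class HiddenFrameFinder(HTMLParser):
    """Collects (src, reasons) for every iframe a visitor could not see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("hidden by inline CSS")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(markup):
    finder = HiddenFrameFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE_CREATIVE):
        print(src, "->", ", ".join(reasons))
```

Legitimate ad tech also uses small or hidden frames for tracking, so a hit is a triage signal for closer review rather than a verdict.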









Successfully defeating malvertising takes a collaborative network of “users, site developers, and the ad networks themselves,” working together to attack the problem. Helene Barrot, a representative from Google, told WIRED in an email that DoubleClick, the company’s ad platform (which has inadvertently been a part of malvertising campaigns), has taken a number of different approaches. It collaborates with industry partners, publishes research into malvertising, and uses malware detection tools. “In 2014, we disabled more than 524 million bad ads; and, we banned more than 214,000 bad advertisers,” Barrot said.


“Segura doesn’t think that better ad scanning is going to help though: There are just too many things to watch out for. Instead, he feels the barrier to entry should be raised, by imposing a large minimum fee for people signing up for ad networks, creating a bigger financial risk for criminals to take,” Mr. Cox wrote. “At the moment, malvertising is incredibly cheap for cyber criminals to carry out. For some ad networks, hackers are ‘able to put malicious ads in front of a thousand people for only 30 cents. You can’t get any cheaper than that,’ Segura said.”

Cyber criminals, nation-state espionage, terrorist and drug-cartel networks, etc., will continue to seek new and clever ways to steal our personal information and corporate secrets (especially in R&D, mergers and acquisitions, critical infrastructure, etc.), and malvertising is just the latest example. It remains a digital minefield out there. Remember, it is the second mouse that always gets the cheese.
