Malvertising and Online Ad Networks

September 22nd, 2014 by admin

This decade has seen a tremendous rise in internet business, and online advertising has become the second-largest ad medium after newspapers. This has attracted the attention of attackers looking to rip off users.

Advertising networks could become “the next primary attack vector,” contends new research from Bromium Networks. Worse, popular security technologies such as signature-based detection are essentially useless against such attacks, said Rahul Kashyap, Bromium’s chief security architect and head of Research.

Attackers simply place advertisements on popular sites like YouTube and Yahoo, and when a user clicks such an ad, malware is downloaded. Video sites like YouTube are the best for such attacks, as users tend to spend more time on these sites.

These so-called malvertising attacks offer “one of the best ways to compromise huge numbers of people and get away quickly,” said Kashyap. “Attackers can potentially infect millions of people by randomly placing a few malicious ads.”

The Bromium research details a malvertising attack on YouTube that involved kits which enable attackers to test their malware to see if it will be detected by antivirus products.

In a blog post about the YouTube attack, Bromium’s McEnroe Navaraj said Bromium was working with the Google security team to analyze the attack. “Google has taken this campaign off and is beefing up internal procedures to prevent such events from occurring again,” he wrote. Also, he noted, “We don’t yet know the exact bypass which the attackers used to evade Google’s internal advertisement security checks. Google has informed us that they’re conducting a full investigation of this abuse and will take appropriate measures.”

While disabling ads with an ad blocker is a near-term option for enterprises worried about these kinds of malvertising attacks, Kashyap said it is not a practical long-term solution. “You want to leverage the kinds of technologies which do not depend on signatures or other known techniques to block threats on the network,” he said.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
