Mon - Fri: 8:30am - 5pm24/7 Customer Support
Question? Let's TalkWe're here to help!

Malvertising: Hackers are Paying For Ad Space on Popular Websites

Posted on: December 15, 2015
Malvertising: Hackers are Paying For Ad Space on Popular Websites

A good business practices extreme caution when using the Internet, thanks to hackers using any means possible to unleash threats against organizations of all sizes. You teach your employees how to avoid threats and to avoid suspicious websites, but what if that’s not enough to keep hackers out of your network infrastructure?

Some businesses are finding it increasingly difficult to separate the bad from the good when it comes to online security. This is thanks to a number of new and emerging threats, with the latest one being “malvertising.” This potential threat focuses on using advertising space on websites to inject malicious code into unwary users. This malware often takes advantage of zero-day exploits (problems that haven’t been patched), which means these threats are difficult to defend against, even under the best circumstances. Take, for instance, a threat described by ComputerWorld:

    […] the source of the infection was a malicious advertisement, one that was running on a mainstream news service! The news website sells ad space served up by an advertising company, which in turn sells that ad space to anybody willing to pay for it. In this case, the bad guys were paying for it. They signed up for ad space just like any other customer, but the advertisement they created — known as “malvertising” — exploited a zero-day (unpatched) vulnerability in Adobe Flash to run commands through the browser to the victim computers’ operating systems, without any knowledge or intervention by the end users.

While taking advantage of multiple avenues of cyber security can be an effective means to combat threats that can compromise your organization’s network, what happens when threats are capable of making themselves invisible to your efforts? This is essentially what happened in the above scenario. Because the malvertisement literally needed no user interaction whatsoever, it was capable of infiltrating the system without being detected, simply because any and all training that employees might have can simply be ignored. Something like this wouldn’t be blocked by a web content filtering system because it’s on a legitimate site.

Thankfully with the latest cybersecurity tools at your disposal we can identify and resolve problems like these relatively quickly should they infiltrate your defenses and set up malware on your network. The important thing to remember about cyber threats is they will almost always leave some sort of sign they were there. Be it a virus or piece of malware that’s detected by a firewall or a phishing email that’s blocked by a spam filter, you’ll know you’re getting attacked. Even in cases where administrator credentials are used for remote access to your network you can use your access logs to determine whether or not the account activity is legitimate or not.

Malvertising is a concerning trend to watch out for, to be sure, but in the face of powerful security solutions designed to take proactive measures against online threats you can bet it will have some significant difficulty running amok for your business. By taking full advantage of enterprise-level security solutions your business can detect and eliminate threats in the most secure way possible. For more information, contact Bmore Technology at 443-524-8800.

Learn More About Bmore Technology
Testimonials
See What People Are Saying:

We recently made the decision to switch IT companies and Bmore Technology offered everything we required. As with any large change, there was some apprehension involved. (more…)

More Testimonials
A Few of Our Partners
Latest News
Our Family Has Grown: Bmore Technology Acquires Carolina Phone & Data Services

Bmore Technology expands footprint in South Carolina BALTIMORE, MD – December 5, 2018 – Bmore Technology has announced the acquisition of Carolina Phone & Data Services (CPDS). (more…)