Malvertising has been a problem for CIOs and CSOs for a few years. 2015 stands to be no different, as the Cisco Annual Security Report for 2015 examines.
Cyber-criminals' malvertising tactics are straightforward: use online advertising to spread malware by injecting malicious ads, often via hidden iframes, into online ad networks or webpages.
Unfortunately, the infamous “Kyle and Stan” network was a very good example of this. The malvertising network placed malware on popular, high-traffic sites such as youtube.com, ads.yahoo.com, and amazon.com. Cyber-crimes such as malvertising are more than annoyances and disruptions. Their creators are putting online advertising networks on their heels as the networks are circumvented. One trick malicious actors love to use is purchasing blocks of remaining ad inventory at the last minute, hoping no one will have time for a thorough investigation. They’ll even serve up malware-free ads before flipping the switch.
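The hidden-iframe injection described above leaves a trace in the delivered markup that a defender can check for. The following is an added example, not taken from the Cisco report: it flags iframes that are both hidden and loaded from a third-party host. The function names, the hiding heuristics, and the sample markup with its placeholder hostnames are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that hide a frame: not rendered, 0/1px, or pushed off-screen.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)

class IframeAuditor(HTMLParser):
    """Collects iframes that are both hidden and loaded from another site."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []          # list of (frame_host, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
            reasons.append("0/1px size attribute")
        if HIDDEN_CSS.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        if "hidden" in a:
            reasons.append("hidden attribute")
        host = urlparse(a.get("src", "")).hostname or ""   # "" for relative URLs
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        # Hidden same-site frames are common and benign; hidden third-party
        # frames are a triage signal, not proof of malice.
        if reasons and host and not same_site:
            self.findings.append((host, reasons))

def audit(html, page_host):
    parser = IframeAuditor(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; every hostname is a placeholder.
SAMPLE = """
<div class="ad-slot">
  <iframe src="https://ads.publisher.example/banner.html" width="300" height="250"></iframe>
  <iframe src="//redirector.invalid/gate" width="0" height="0" frameborder="0"></iframe>
  <iframe src="https://tracker.invalid/p" style="position:absolute; left:-9999px"></iframe>
  <iframe src="/local/widget" style="display:none"></iframe>
</div>
"""

if __name__ == "__main__":
    for host, reasons in audit(SAMPLE, "publisher.example"):
        print(host, "->", ", ".join(reasons))
```

Because malicious ads may be served clean at first, a check like this is only useful when run repeatedly against what the ad slot actually delivers, not once at approval time.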
So how can CIOs and CSOs protect their employees, devices, and networks when tracing the source of malvertising agents is almost impossible?
- Reducing attack surfaces limits the number of vulnerable apps present on your network. Under-used and outdated apps like Adobe and Java are targeted more heavily because of their vulnerabilities. Keeping these programs up to date to minimize outdated plug-ins is critical to blocking malware. Restricting access to these apps, or blocking them completely, may need to be considered.
- Make sure your security vendor’s team is robust and responsive. Their products need to be up to date against the latest outside threats as soon as they are discovered, in real time. Their protective measures need to be in place before, during, and after an attack.
- Advanced malware protection solutions are well suited for blocking and detecting malware. They provide continuous monitoring and go beyond point-in-time scanning methods.
- Strong web security devices will prevent access to websites associated with malvertising campaigns.
- The network security protection provided by intrusion prevention systems and NGFWs will also block attacks introduced via malvertising.
While malvertising is extremely problematic, there are very few problems that have no solution. Remain focused on the threats that are out there. Proactively reinforce weak network points. Operate under the assumption that malware attacks, via malvertising or other methods of infection, are a matter of “when” and not “if.” Putting these defense mechanisms in place can go a long way toward protecting our networks.