Security Market Segment LS
Friday, 18 March 2016 10:40

Malvertising hits BBC, Newsweek, NYT and MSN Featured

By

Links to malware inside online advertising bypassed the security systems of the advertising serving companies and distributed ransomware to unsuspecting ‘link clickers’.

Earlier this week major websites including BBC, Newsweek, New York Times and MSN ‘hosted’ malvertising on their sites that has been credited as the largest of attack of its type for two years. Previously Google’s DoubleClick and Zedo ad servers were ‘infected’ and YouTube, Amazon and Yahoo websites used advertisements served from them.

Although ad serving networks try to filter out malicious ones, occasionally altered ones’ slip in. On a high-traffic site, this means a large pool of potential victims. Websites that serve the ads are usually unaware of the problem.

AppNexus, one of the ad servers said it has an anti-malware detection system called Sherlock it uses to screen ads and also uses a filtering product from a third-party vendor. "We devote considerable financial resources to safeguarding our customers. Unfortunately, bad actors also invest considerably in developing new forms of malware,” said Josh Zeitz, vice president of communications.

The client websites were not at fault. Cybercriminals made copies of advertisements where links had been altered to infect users with ransomware. These copies were placed in legitimate advertising publishing companies and served to websites.

Security company Flexera estimates that tens of thousands of computers have been exposed which means some may have been infected with malware or file-encrypting ransomware. Also, the advertisements connected with servers hosting the Angler exploit kit that tries to find software vulnerabilities on a computer to deliver malware.

Steve Schmidt, VP of Corporate Development at Flexera Software said, “While this story is more spectacular than most because the targets are high-profile news sites, it illustrates precisely why software vulnerability management is a prerequisite for risk reduction. The majority of successful cyber attacks against organisations worldwide use known software vulnerabilities to gain access or escalate privileges inside corporate IT infrastructures. Once hackers have successfully exploited a vulnerability, they have the base to roll out their attack, moving around systems, collecting information, and deploying malware to steal or destroy business-critical information or cause disruption.”

Schmidt says that software vulnerability management is key in mitigating this risk. “For organisations, the best starting point to protect their data is to implement software vulnerability management tools to close those entry points, before they can be exploited. The right set of tools provides timely, relevant and comprehensive intelligence from a trusted source about vulnerabilities discovered and disclosed every day that could impact the environment; and it enables IT teams to act on that information – either by applying a tested security patch, or applying workarounds like sectioning off the vulnerable application from business critical data. Well implemented Software Vulnerability Management processes effectively reduce the attack surface for cybercriminals and hackers, consequently reducing the risk of security breaches.”

Comment

Another day, another exploit. Death and Taxes are no longer the two things you can be sure of. Most anti-virus/malware companies picked up on this story and most thankfully updated detection definitions. I found an interesting article on malvertising at Trend titled ‘Malvertising – when online ads attack.

Malwarebytes also has a blog post here that shows that Google, AppNexus, AOL and Rubicon ad servers were affected.

Of course you have to click to install - human error again.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments