Online ads can be an annoying interruption to our normal browsing habits. However, they are often necessary because they serve as the primary source of funding for the free websites we use every day. Have you ever wondered how those ads end up on your screen? Well, there is a fascinating supply chain behind advertisements, and it is interesting to analyze it.
Typically, a website that serves ads does not carefully select the specific ads that are displayed on its platform. Instead, it chooses ad categories to block, allocates ad space, and then displays the ads provided by its ad provider. Advertising providers are responsible for finding advertisers and websites to display their ads. But what if those advertisers are not legitimate? What if they are threat actors or scammers looking to lure potential victims with seemingly legitimate software or help fixing their computer? This malicious use of ads is known as malvertising.
Malvertising uses many of the same tactics as social engineering, relying heavily on persuasive language and attention-grabbing images to generate a sense of urgency or fear. This encourages victims to act quickly without inspecting the legitimacy of the website linked in the ad. Malvertising attacks are becoming more sophisticated, with cybercriminals leveraging trusted platforms such as Facebook and other social networks to distribute malicious content. By exploiting the trust and reach of these platforms, attackers can reach a broader audience and potentially compromise more victims. This also makes it more difficult for users to distinguish between legitimate and malicious ads.
To add to the complexity, threat actors employ techniques to mask their identities and evade detection. This may include social engineering tactics such as phishing, token theft, or data stealers to gain access to legitimate ad accounts. By hijacking trusted accounts, attackers can bypass security measures designed to prevent malicious organizations from purchasing ad space.
He leads counter-threat and internal security operations at Huntress.
Three common types of malvertising attacks that users should be aware of are:
Scam malvertising: Attackers will display ads with language similar to “Your computer is infected, call us immediately to fix it!” Once the victim calls, scammers typically convince the victim to install software to initiate a remote control session of the victim’s computer. They will then overwhelm the victim with misinformation, hoping to confuse them into believing the situation is too complex to understand, and then ask them to pay money to remedy the non-existent security issue.
Fake installer malvertising: A common technique that delivers malware directly to the victim, posing a more significant threat. Attackers disguise themselves as legitimate software vendors to deliver a modified version of the software that typically includes an initial access or data theft mechanism. These attacks aim to trap the victim while they are in a hurry to install the software. We often see QuickBooks used as a decoy, with attackers sponsoring malicious ads designed to display alongside legitimate QuickBooks links. The malicious ads then lead to a cloned QuickBooks website that serves users a compromised installer. Similarly, fake browser extensions imitate legitimate ones, tricking users into installing them. Once installed, they can capture sensitive data, including browsing history, passwords, and credit card information, putting both individuals and businesses at significant risk.
Drive-by-download malvertising: These malicious ads do not require viewer participation; simply loading them into your browser is enough to install a new web extension or download malware. This tactic relies heavily on the victim not keeping their browser updated, which leaves previously known and patched vulnerabilities available to use. There is a reason why your browser is constantly asking you to update it: these updates keep the browser secure against newly discovered weaknesses. Keep your browser updated and don’t make the attackers’ job easier.
Avoiding attacks
To avoid falling victim to malvertising attacks, such as fraudulent malvertising, it is essential to think critically before interacting with suspicious ads. If you receive an ad claiming you are a victim and need to ask for help, stop and ask if the claim makes sense at face value. How would this provider know you had a virus on your computer? Does Microsoft really have a staff division that proactively buys advertising space to inform its customers that there may be a virus on their computer? While answering these questions generally requires at least some level of technical acumen, there are other signs that an ad may be a scam. Many of these scams claim to be from Microsoft support or their security team. Check where the ad will take you. If the domain is not www.microsoft.com, then you can almost guarantee it will be a scam, especially when combined with a message claiming to be urgent or extremely critical.
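The destination check described above can be made mechanical. The following is an added example, not part of the original article: it parses an ad's landing URL the way a browser does and accepts it only if the host is exactly the expected one. The function name, the allow-list and every sample URL are constructed for illustration.

```javascript
// Added example. The only host taken from the article is www.microsoft.com;
// all sample URLs below are constructed and use the reserved .example TLD.
const EXPECTED_HOSTS = new Set(["www.microsoft.com"]);

function checkAdDestination(rawUrl, allowedHosts = EXPECTED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lowercases the host, converts IDN to xn-- form
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://www.microsoft.com@other.example/" puts the brand name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "brand name in userinfo, real host is " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Look-alike characters end up as punycode labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised (punycode) host " + host };
  }
  // Exact match only: "www.microsoft.com.support-fix.example" contains the
  // brand name but belongs to support-fix.example.
  if (!allowedHosts.has(host)) {
    return { ok: false, reason: "unexpected host " + host };
  }
  return { ok: true, reason: "host matches " + host };
}

// Constructed landing URLs of the kinds a deceptive ad might use.
const samples = [
  "https://www.microsoft.com/en-us/security",
  "https://www.microsoft.com.support-fix.example/alert",
  "https://www.microsoft.com@support-fix.example/",
  "http://www.microsoft.com/",
  "https://WWW.MICROSOFT.COM./",
];
for (const s of samples) {
  const r = checkAdDestination(s);
  console.log((r.ok ? "ALLOW " : "BLOCK ") + s + "  (" + r.reason + ")");
}
```
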
To avoid falling victim to malvertising, you need to pay attention, take a moment to stop and think about an ad’s claims, make sure you are redirected to a legitimate site, and click the “refresh” button each time it appears in your browser. To defend against malvertising, advertising providers should implement tighter controls on advertisers and their content to ensure legitimacy. Additionally, employees should be trained to identify suspicious emails, websites, and online ads, empowering them to avoid falling victim to these attacks. Threat actors are increasingly using legitimate tools maliciously, including ads. A good dose of skepticism never hurt anyone, so the next time you see a suspicious ad, be careful and make sure it’s legitimate before clicking on it.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.