The recent story that the Daily Mail website was unknowingly serving up malvertising to 156 million readers is a wake-up call to all of us. You can take all the precautions in the world, but if a site you trust falls prey to hackers, your company security policies really are the last line of defence.
Malvertising is a well-known hacker tactic where seemingly legitimate ads on websites are hacked to download malware to the visitor’s machine. When those visitors are at work, it’s the corporate network that is put at risk.
Malvertising is made possible because many websites use advertising networks to generate revenue. Advertisers bid a cash price to display their ad on your machine. It is a seamless, if chaotic, system that is invisible to the user. Websites that use advertising networks include a live link to an ad server that will dynamically serve those adverts to your browser. By hijacking the process, hackers gain access to your machine without any user input. It is then down to the security solution used at the network or machine level to detect and remove the infection.
Hackers were winning some of these advertising bids, allowing them to display infected ads on the page. Anyone who clicked on the ad would be redirected to the site that hosted the Angler exploit kit, which would then download automatically without the user's knowledge.
The Angler exploit kit is a well-known hacker tool that has been around since 2013. It uses “drive-by downloads” to infect a PC with malware by redirecting browser queries behind the scenes. What makes it dangerous is that the download is invisible to the user and relies completely on security software or ad blockers to prevent infection.
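From the defender's side, the chain described above (ad server, redirect, plugin or executable download) can be looked for in web-proxy logs. The following is an added example, not part of the original article; the log format, hostnames, content-type list and 10-second window are assumptions constructed for illustration.

```python
# Added example: constructed proxy-log lines and hypothetical hostnames.
# Assumed line format: <epoch_seconds> <client_ip> <host> <content_type> <referrer_host>
RISKY_TYPES = {
    "application/x-shockwave-flash",   # Flash content
    "application/java-archive",        # Java archive
    "application/x-msdownload",        # Windows executable
}

SAMPLE_LOG = """\
1000 10.0.0.5 news.example text/html -
1001 10.0.0.5 ads.adnet.example text/html news.example
1002 10.0.0.5 bid-winner.example text/html ads.adnet.example
1003 10.0.0.5 landing.invalid text/html bid-winner.example
1004 10.0.0.5 landing.invalid application/x-shockwave-flash landing.invalid
1005 10.0.0.7 news.example text/html -
1006 10.0.0.7 ads.adnet.example image/png news.example
1050 10.0.0.7 updates.vendor.example application/x-msdownload -
"""

def find_suspect_chains(log_text, ad_hosts, window=10):
    """Return (client, ad_host, serving_host, content_type) for each risky
    download reached through a referrer chain that began at an ad server."""
    tainted = {}   # (client, host) -> (originating ad host, time last seen)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, ctype, referrer = line.split()
        ts = int(ts)
        origin = None
        if referrer in ad_hosts:
            origin = referrer                    # chain starts at the ad server
        else:
            prev = tainted.get((client, referrer))
            if prev and ts - prev[1] <= window:  # chain continues within window
                origin = prev[0]
        if origin is None:
            continue
        tainted[(client, host)] = (origin, ts)
        if ctype in RISKY_TYPES and host not in ad_hosts:
            hits.append((client, origin, host, ctype))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_chains(SAMPLE_LOG, {"ads.adnet.example"}):
        print("ALERT", *hit)
```

The second client in the sample loads an ad image and later fetches an executable with no referrer chain back to the ad server, so it is not flagged.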
How to prevent a malvertising infection on your network
Given how malvertising can find its way into a trusted website, it makes sense to protect your network from these threats. First and foremost, it pays to keep all your machines patched and current. That includes OS patches, security updates and driver and feature updates.
Second, configure your browser of choice to block Flash and Java by enforcing “click to run”. Disable Java completely if possible and consider using ad blocking software.
Third, use a competent antivirus program that is capable of detecting and blocking multiple threats, including malvertising.
Finally, educate your users and update your internet usage policies to include awareness of malvertising as a credible threat. If you can prevent employees clicking on ads in the first place, you’re doing a good job of protecting your network.
If you’re worried about network security or would like a review of your current security solution, contact Excalibur today. Our security experts are ready and willing to help!