IT Security

Malvertising: What works against the advertising trick?

23. August 2023, Avatar of Richard HelbingRichard Helbing

Cyberattacks disguised as advertisements now appear quite authentic, making them particularly treacherous. Technical prevention measures, fast response times, cooperation between IT administrators and CISOs, and regular employee training are crucial measures to help companies and organizations defend themselves.

In short

  • Malvertising – advertising infected with malware – is an increasingly serious business cybersecurity threat.
  • Proactive real-time monitoring and setting consistent security policies with Unified Endpoint Management (UEM) and other solutions are crucial for minimizing risks.
  • IT admins and CISOs can take a cooperative approach to make all employees aware of the danger.

A glance at your own IT system shows that all firewalls, antivirus programs and security measures are running perfectly and your company is well protected. But one wrong click by an inattentive end user can disrupt this state in an instant. Seemingly innocuous marketing emails that contain a dangerous malware are an increasingly popular attack vector among cybercriminals. They can launch a wider cyberattack where an attacker attempts to penetrate progressively sensitive segments of corporate networks to cause the greatest possible damage.

The portmanteau “malvertising” – from malware and advertising – succinctly defines this insidious threat. Perpetrators either use fake ads with malicious attachments or infiltrate legitimate ad networks to redirect unsuspecting users to infected websites. In one recent case, IT security researchers from Secureworks discovered trojanized installers for popular software that were distributed via malvertising.

All types of devices are targeted

Attacks target all types of devices. The injected malware can block system resources, disrupt data traffic, or manipulate, delete or steal data. Ransomware is the most widespread example, where sensitive data is encrypted and victims must pay a ransom to decrypt it or prevent attackers from publishing it.

The potential for damage is particularly high for important data stored on corporate network or cloud-based servers. The risks to data stored on endpoints is more limited because it can be reinstalled relatively quickly and easily, e.g., by using Unified Endpoint Management software.

First steps for prevention

Defending against malvertising attacks is the responsibility of IT admins and the company's security organization.

Together they use various technical measures including:

  • Network ad blockers that prevent malvertising from reaching endpoint. Server-based content filters also can restrict access to potentially dangerous websites and reduce the risk of infection.
  • Web browser security extensions provide additional protection by blocking malicious content from endpoints and warning users about potentially dangerous websites.
  • Active monitoring of network traffic enables the early detection of suspicious activity and ad content. This allows IT administrators to act quickly and fend off potential attacks.

Prevention and employee training

Raising end-user cybersecurity awareness is an essential step alongside technical measures. It is important to conduct regular training to ensure that employees are informed about new and constantly evolving threats.

It is important for awareness training to cover:

  • What is malvertising, how does it work, and what is its potential impact on the business?
  • How can malicious ads, pop-ups, redirects or exploits be detected? This includes unusual or exaggerated promises, inappropriate content or questionable ad networks.
  • Spelling and grammatical errors that often alerted users to suspicious content are becoming less common as attackers use ChatGPT to generate text.
  • How employees should use care not to click on suspicious ads or links. Instead, they should be encouraged to close the ad or access a site directly through a known secure source to avoid possible infection.
  • Employees should report suspicious ads to an internal reporting center, an IT help desk or a dedicated security contact.

UEM assists with prevention and recovery

In addition, enterprise IT management solutions such as Unified Endpoint Management (UEM) can provide strong support in defending against malvertising attacks. UEM enables a consistent and comprehensive security approach that significantly reduces the risk of attacks. For example, UEM can be used to define and maintain specific security policies for all company endpoints such as configuring web browsers with ad blockers and other protective measures.

Mobile devices such as smartphones, tablets and handheld scanners are increasingly becoming targets for malware. IT administrators can minimize this risk by blocking unsafe websites or restricting app downloads to trusted sources.

In particular, UEM helps keep systems patched and up-to-date to close security gaps. It also speeds to process of restoring or rebuilding compromised systems. UEM should always go hand in hand with antivirus and related endpoint security solutions that scan for viruses or alert users and IT staff to suspicious content or activity. Integrating UEM into a holistic IT management strategy increases overall cybersecurity and limits potential damage caused by malvertising and other attacks.

Danger detected and averted

Just a single vulnerability or security lapse on one computer can compromise network security and endanger sensitive corporate data. Read our free whitepaper “Vulnerability Management: Automatically Detect and Quickly Eliminate Security Gaps” to learn about cybersecurity solutions available in baramundi UEM.

Download here

Read more

Entries 1 to 3 of 3