Malvertising: What works against the advertising trick?

A glance at your own IT system shows that all firewalls, antivirus programs and security measures are running perfectly and your company is well protected. But one wrong click by an inattentive end user can disrupt this state in an instant. Seemingly innocuous marketing emails that contain a dangerous malware are an increasingly popular attack vector among cybercriminals. They can launch a wider cyberattack where an attacker attempts to penetrate progressively sensitive segments of corporate networks to cause the greatest possible damage.

The portmanteau “malvertising” – from malware and advertising – succinctly defines this insidious threat. Perpetrators either use fake ads with malicious attachments or infiltrate legitimate ad networks to redirect unsuspecting users to infected websites. In one recent case, IT security researchers from Secureworks discovered trojanized installers for popular software that were distributed via malvertising.

Attacks target all types of devices. The injected malware can block system resources, disrupt data traffic, or manipulate, delete or steal data. Ransomware is the most widespread example, where sensitive data is encrypted and victims must pay a ransom to decrypt it or prevent attackers from publishing it.

The potential for damage is particularly high for important data stored on corporate network or cloud-based servers. The risks to data stored on endpoints is more limited because it can be reinstalled relatively quickly and easily, e.g., by using Unified Endpoint Management software.

Defending against malvertising attacks is the responsibility of IT admins and the company's security organization.

Together they use various technical measures including:

• Network ad blockers that prevent malvertising from reaching endpoint. Server-based content filters also can restrict access to potentially dangerous websites and reduce the risk of infection.
• Web browser security extensions provide additional protection by blocking malicious content from endpoints and warning users about potentially dangerous websites.
• Active monitoring of network traffic enables the early detection of suspicious activity and ad content. This allows IT administrators to act quickly and fend off potential attacks.

Raising end-user cybersecurity awareness is an essential step alongside technical measures. It is important to conduct regular training to ensure that employees are informed about new and constantly evolving threats.

It is important for awareness training to cover:

• What is malvertising, how does it work, and what is its potential impact on the business?
• How can malicious ads, pop-ups, redirects or exploits be detected? This includes unusual or exaggerated promises, inappropriate content or questionable ad networks.
• Spelling and grammatical errors that often alerted users to suspicious content are becoming less common as attackers use ChatGPT to generate text.
• How employees should use care not to click on suspicious ads or links. Instead, they should be encouraged to close the ad or access a site directly through a known secure source to avoid possible infection.
• Employees should report suspicious ads to an internal reporting center, an IT help desk or a dedicated security contact.