Advertisements about products and services are everywhere: when we browse social media, news websites, email and search sites.
We often see advertisements and don't even realize what their content is, perhaps because we are bombarded with so much information.
In addition to privacy issues, advertisements can pose a security risk: ad networks can be hijacked so that an ad that should lead to an offer or benefit leads instead to a malicious website or file. This attack is called malvertising.
What is malvertising?
The name is a combination of “malware” and “advertising”. Basically, hackers pay for ads on trusted sites that can:
- Point to malicious websites
- Force download of malware just by viewing the ad
- Use the visiting user's device resources for cryptocurrency mining
There is no typical placement for these ads, and no look and feel that distinguishes them from a real ad. Pop-ups, banners, text and even buttons can be infected with malware.
This year, the New York Times and BBC websites featured ads with malware, according to news from KnowBe4.
The growth of the attack
The first instance of the attack occurred in late 2007, affecting sites such as MySpace through a vulnerability in Adobe Flash.
Back in 2011, Spotify, which was still a desktop-only application, was hit by malware that affected users who did not have antivirus installed. The ad was a forced download of malware and users didn't even need to click on the ad to be affected.
In 2017, the attack even managed to bypass ad blockers, infecting the devices of users who used the blocking tool for exactly this purpose.
Reports of ads on YouTube with malware appeared.
In 2018 it was considered one of the main online threats: some hackers modified previously used scripts so that they consumed so many resources on the victim's computer that it could barely function.
In 2019, 1 in every 250 ads was still malicious.
Some examples of real attacks
Below you will see images that we collected here at Lumiun and which are still displayed daily with fake offers for various products.
Note that the name of the advertiser is “Mega Ofertas”, while the layout is that of Lojas Americanas, a retailer very well known on the internet. Furthermore, the price is far out of line with the average price of such a product, and the destination link is “VEMCOMPRARBARATOO.COM”, with a spelling error. There are many warning signs in this case.
Another false advertisement using the Lojas Americanas look. Note that the advertiser's name at the top is somewhat comical and unusual. Again, the price of the product is not in line with reality.
Yet another ad uses the look of Lojas Americanas; this attack is a little easier to identify. The first sign is the advertiser at the top: the image is not consistent with the company, and the name “AVON PASSO FUNDO” refers to another company, which makes the scam clear. Besides the price of the product, the destination website shown is “IMOBILIARIAPRATES.COM.BR”, which has nothing to do with the line of business of the advertised product.
Who wouldn't want a brand new, giant refrigerator with many functions at a fraction of the usual price? This is exactly why this scam has grown so much. As in the other examples above, the advertiser's photo is generic, the name at the top is different from the ad, and the price and destination link are strange.
How to protect yourself?
There are several habits and tools that help you stay protected from malvertising attacks. Constant improvements in the advertising systems of large companies have improved the filtering of content that could be harmful to ad recipients. However, with each improvement come new ways for hackers to introduce harmful material into advertising channels.
With this in mind, we have listed below some common practices that help a lot to maintain the security of information for professionals and companies.
1 – Don’t click on dubious links
Although trustworthy websites can be hit by this type of attack, the websites that contain the largest number of dangerous advertisements are low-relevance websites.
Audits and detection systems for this type of attack are present on the trusted websites known to most internet users.
Therefore, when accessing an unreliable website, do not click on its ads or links: they may contain malware.
2 – Be careful with “gifts”
Donations and gifts are the responsibility of the NGOs. Hackers just want you to click. Ads that promise freebies or free purchases should be avoided at all costs.
The main strategy in this case is to make the ad look as attractive as possible, and what is more attractive than easy, effortless money?
“Congratulations, you have been selected to win X free product.” Do not click, as you were not selected to win anything, or rather, you were selected to fall for the malvertising scam.
When you see an ad that seems too good to be true, remember that it most likely isn't true.
3 – What is the address of the links?
Over the years, big companies like Google and Facebook have done a good job of requiring that an ad's display URL match its destination URL.
This prevents click fraud. If an ad can use any display URL it wants, it can pretend to be Volkswagen giving away a free car, but in reality, it's hackers trying to capture your data.
When you hover over a link and the URL preview is hidden or doesn't match the product or brand in the ad, don't click.
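The display-versus-destination check described above can be automated when reviewing ads. The sketch below is an added example, not code from Lumiun or any ad network: the small suffix set, the brand-to-domain mapping and the function names are assumptions made for illustration, and the sample domains are the ones quoted in the ads earlier on this page.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List; real checks should use the full list.
MULTI_LABEL_SUFFIXES = {"com.br", "net.br", "org.br", "co.uk"}

# Assumption: constructed mapping of advertised brand -> domains that brand legitimately uses.
BRAND_DOMAINS = {"lojas americanas": {"americanas.com.br"}}


def registrable_domain(url_or_host):
    """Return the registrable domain (e.g. shop.example.com.br -> example.com.br)."""
    text = url_or_host.strip().lower()
    # Ad display URLs are often bare hosts, so add "//" to let urlsplit find the host.
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def ad_warnings(brand, display_url, destination_url):
    """List the reasons an ad's links do not line up with what the ad shows."""
    warnings = []
    shown = registrable_domain(display_url)
    target = registrable_domain(destination_url)
    if shown != target:
        warnings.append(f"display domain {shown} differs from destination {target}")
    official = BRAND_DOMAINS.get(brand.lower())
    if official is not None and target not in official:
        warnings.append(f"destination {target} is not a known domain of {brand}")
    return warnings


# Constructed sample ads: (brand shown in the creative, display URL, destination URL).
SAMPLE_ADS = [
    ("Lojas Americanas", "VEMCOMPRARBARATOO.COM", "http://vemcomprarbaratoo.com/oferta"),
    ("Lojas Americanas", "americanas.com.br", "https://imobiliariaprates.com.br/promo"),
    ("Lojas Americanas", "www.americanas.com.br", "https://www.americanas.com.br/produto/1"),
]

if __name__ == "__main__":
    for brand, display, destination in SAMPLE_ADS:
        print(display, "->", ad_warnings(brand, display, destination) or "no warnings")
```

The first sample shows why matching display and destination alone is not enough: the two URLs agree with each other, yet neither belongs to the brand the ad imitates.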
4 – Ad blockers
Ad blockers don't protect against all malvertising schemes and certainly won't protect you from malicious websites in general, but they are still a good layer of protection if you follow the previous tips.
As I said previously, new strategies to bypass ad blockers are created daily, fueling a constant digital arms race between protection and attack.
5 – Web content filter
Perhaps the most effective solution to malvertising attacks is content filtering at the DNS level. DNS filtering can evaluate the website's content rating and block it even before any malware can install itself on the user's device.
Furthermore, blocking websites considered harmful can protect the user against cyber attacks in general, such as phishing and data hijacking.
The best layer of protection for companies is one that does not depend on the knowledge and goodwill of users, and only website access blocking can do this.
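To show where a DNS-level filter makes its decision, here is an added example (not Lumiun's implementation) of a policy check applied to a queried name before it is resolved. The category feed, the sinkhole address and the stand-in upstream resolver are constructed assumptions so that the code runs offline.

```python
# Assumption: constructed category feed; a real filter gets this from its vendor or threat feeds.
DOMAIN_CATEGORIES = {
    "vemcomprarbaratoo.com": "scam",
    "ads.tracker.example": "malvertising",
    "video.example": "streaming",
}
BLOCKED_CATEGORIES = {"scam", "malvertising", "phishing"}
SINKHOLE_IP = "0.0.0.0"  # answer returned instead of the real address


def categorize(qname):
    """Find the category of the queried name or of its closest listed parent domain."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_CATEGORIES:
            return candidate, DOMAIN_CATEGORIES[candidate]
    return None, "uncategorized"


def resolve_with_policy(qname, upstream):
    """Apply the filter before resolution; `upstream` is any callable name -> IP."""
    matched, category = categorize(qname)
    if category in BLOCKED_CATEGORIES:
        # Blocked names never reach the upstream resolver, so the client
        # never learns the real address and never connects to the site.
        return {"qname": qname, "action": "block", "answer": SINKHOLE_IP,
                "category": category, "matched": matched}
    return {"qname": qname, "action": "allow", "answer": upstream(qname),
            "category": category, "matched": matched}


def fake_upstream(qname):
    """Constructed stand-in for a recursive resolver so the example runs offline."""
    return "203.0.113.10"


if __name__ == "__main__":
    for name in ("cdn.VEMCOMPRARBARATOO.COM.", "video.example", "notvemcomprarbaratoo.com"):
        print(resolve_with_policy(name, fake_upstream))
```

Matching on whole labels means subdomains of a listed domain are blocked, while a different domain that merely ends with the same characters is not.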
Lumiun is a Brazilian internet access control tool, with payment in local currency (R$) and with support entirely in Portuguese. Specialized in information security improvements for companies and professional productivity, Lumiun has features such as firewall, web content filter and Business VPN for secure remote access.
You can see more detailed information in our presentation, available for free download.
To finish
To conclude this article, it is important to highlight that the vast majority of social engineering attacks in companies occur due to a lack of knowledge and excessive consumption of content outside the scope of work, which damages the security of the company's data and also the productivity of the team.
Our goal here at Lumiun is to help companies identify their needs in this regard, and implement systems and processes that meet the organization's general objective.
See you next time!