The Malvertising Threat to Data Security

A global malvertising ring that used sophisticated techniques has been shut down. The threat went unnoticed for months and exploited millions of computers.

Malvertsing is the use of online advertising to spread malware, by injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.

This latest large-scale attack has been made by a group known as AdGholas. The operation ran from at least October 2015, distributing malicious advertisements through over 100 ad exchanges, getting served 1 million and 5 million times a  day.

Research by Proofpoint estimates that 10 to 20 percent of computers that loaded the malicious adverts were forwarded to servers hosting exploit kits. These kits are web-based attack tools that attempt to install malware.

The malvertising code used complex checks to ensure that the visiting computers were not virtual machines used by security researchers or by the ad networks themselves to discover malware.

The malvertsing code also filtered victims based on their geolocation and to serve certain malware programs, such as online banking Trojans, to users in specific regions. It is likely that the AdGholas operation was paid by cyber criminals to distribute the malware in a targeted way.

The reason why the malware was so difficult to identify t is that the ring used steganography to hide the attack. Steganography is a technique of hiding code inside images. The malware ads contained images with encrypted JavaScript code inside that was only extracted and executed for selected computers passing the required checks and filters.

The operation was closed down on 20 July following action from the advertising industry.

Beating malvertsing

• Consider using ad blocking tools that do not allow online advertising to show.
• Ensure that users practice good password hygiene, such as not storing login details and passwords on browsers or computers.
• Protect the data stored on each computer using local data encryption so that malware cannot access data.
• Regularly backup computers so that if malware corrupts, deletes or ransoms data the device can be wiped or replaced without permanently losing the data stored on the computer.

How to ensure complete data protection

• Cibecs is a complete backup and data protection suite, the includes:
• Backup & recovery
• Local data encryption
• PC refresh and migration
• Data theft Prevention and remote wipe
• Device geo-location
• Corporate governance compliance

Watch the full Cibecs demo here