
Ransomware & Malvertising - The troublesome twins of the web!

Apr 13, 2016 06:16:57 PM

Ransomware is a hot topic with every European customer & partner I meet currently. Not a week goes by now without a conference call or meeting with an organisation that has been impacted by a ransomware attack. The impact can range from as little as one PC encrypted all the way to every network shared drive encrypted; either way, quite an impact. One prospective customer caught a ransomware attack in mid-flight just last week encrypting files in front of his eyes.

Ransomware is just the latest in a long line of techniques attackers use to monetize their ability to hack devices connected to the internet, simply because they can.

The reality is that a ‘new’ attack mechanism is being used via the web today to allow ransomware to be successful: ‘malvertising’. Malvertising is typically a malicious ad that loads in your browser when you visit a popular website (unless you use an ad blocker tool, more on this later). The malicious ad then attempts to hack your computer via your browser. This often relies on a Flash- or Java-based vulnerability, as third-party plugins are considered easy targets by attackers.

Have you considered before where those ads have come from, the security posture of their provider and their intention? Have you considered that not all ad content providers are equal and that some may be a higher risk than others? Would you want ads loading in your browser from their platform if their platform is on software 8 years out of date? Unless you block JavaScript, you have no choice or control over this model in your browser.

We have previously documented, in multiple blogs covering the UK & US Top 50 sites, the sheer amount of JavaScript and the number of content sources that a popular website downloads and executes today with little or no policy control. This JavaScript pulls in content from a variety of systems, including ad delivery systems. Most of the time they are good and trustworthy, but on occasion they can go bad.

Take one such example from March 2016: an attacker waited patiently for the domain ‘brentsmedia[.]com’, registered in Utah, USA, and belonging to a known ad network content provider, to expire. The domain in question had expired ownership for 66 days, was then taken over by an attacker in Russia (Pavel G Astahov) and 1 day later was serving up malicious ads to visitors of sites including the BBC, AOL & New York Times. No-one told any of these popular websites until the malicious ads had already appeared.

It’s a reasonable assumption that attackers proactively look for these domains and take ownership as & when they expire. Who hasn’t forgotten to renew a domain? Every month the media report incidents of popular websites such as Forbes, Huffington Post, Yahoo and our own British example, the BBC, serving up malware via malicious ads. Even ad blocker technology providers such as Pagefair are successfully compromised; their platform served up malicious code over Halloween 2015 to many of their customers’ websites.
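One way a site owner or defender could watch for this kind of takeover, as an added example that is not part of the original post: inventory the third-party domains a page loads content from and flag any whose registration date is suspiciously recent. The page markup, the domain names and the registration dates below are constructed, and the "last two labels" domain rule is a simplifying assumption.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup and registration dates (not real data). The dates
# stand in for what a WHOIS/RDAP lookup would return for each domain.
SAMPLE_HTML = """
<script src="https://static.news.example/app.js"></script>
<script src="https://tags.adnet-one.example/loader.js"></script>
<script src="//cdn.lapsed-adnet.example/ads.js"></script>
<iframe src="https://serve.lapsed-adnet.example/frame.html"></iframe>
<img src="/logo.png">
"""
REGISTERED = {
    "adnet-one.example": date(2009, 5, 2),
    "lapsed-adnet.example": date(2016, 3, 12),
}

def registrable(host):
    # Assumption: naive "last two labels"; production code needs the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

class SourceCollector(HTMLParser):
    """Collect the hosts that script, iframe and img tags load from."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag in ("script", "iframe", "img") else None
        host = urlparse(src).hostname if src else None
        if host:
            self.hosts.add(host)

def third_party_domains(html, page_host):
    collector = SourceCollector()
    collector.feed(html)
    return sorted({registrable(h) for h in collector.hosts} - {registrable(page_host)})

def audit(html, page_host, registered, today, min_age_days=30):
    """Map each third-party domain to 'ok', 'recently-registered' or 'unknown'."""
    report = {}
    for dom in third_party_domains(html, page_host):
        created = registered.get(dom)
        if created is None:
            report[dom] = "unknown"
        else:
            young = (today - created).days < min_age_days
            report[dom] = "recently-registered" if young else "ok"
    return report
```

A long-established ad provider whose domain suddenly shows a registration date only days old is the signal to investigate; "unknown" results deserve a lookup rather than a pass.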

Luckily, there are options available to mitigate this risk. You could use ad blocking tools for yourself & your users. This would no doubt help; however, as we have seen in the USA & France very recently, media organisations are now withholding content if visitors use ad blocker tools, simply because it deprives content providers of ad revenue. You can deactivate & uninstall Java & Flash in your browsers. You can use tools to turn off JavaScript in your browser (e.g. NoScript for Firefox); however, the browser experience with JavaScript turned off is painful. How do you & your users decide which of 32 domains to trust when going to a popular US weather site? As we have shown, it only takes one domain to go from good to bad literally overnight.

Businesses face the difficult issue of securing users on the Web whilst having to allow them to access sites, knowing that security measures in place don’t really have the ability to detect and stop all the threats. Organisations need a new way to protect & secure our users on the web. Read our latest datasheet on Ransomware here.
Written by Jason Steer