Security specialists say cybercriminals are increasingly using online advertising to infect computers with viruses, and one firm has reported a 325 percent increase in “malvertising” last year.
Cyphort, a California-based advanced-threat defense company, published a report Tuesday in which it predicted that malvertising could soon become the No. 1 tactic of hackers.
Researchers have seen malware delivered through advertisements since at least 2007, but professionals at Cyphort said attacks are increasing in scale and sophistication.
The Huffington Post’s website and YouTube were found to have been serving malware to visitors in recent months through online advertisements, the firm said. The attacks could let hackers execute arbitrary code on infected computers.
“Cyber criminals always look for the least point of resistance when attacking networks, making malvertising campaigns an enticing way for them to commit fraud and steal proprietary information from unsuspecting corporations,” Fengmin Gong, Cyphort’s co-founder and chief science officer, said in a statement.
Hackers are able to wage malvertising attacks by placing seemingly legitimate, or “clean,” ads on sites, then altering or executing secretly embedded code that can force a computer to load malicious software.
“Consumers will continue to be the most direct victims of malvertising campaigns, as their computers can be infected when they simply click unsuspectingly on a malicious ad or, in some cases, by simply going to a site they visit frequently,” said Mr. Gong, who holds a doctorate in computer science.
Malvertising attackers have found that having infected ads delivered to visitors is easier in most instances than identifying vulnerabilities to exploit within a website, the report said.
Cyphort’s researchers said malvertising is on the way to becoming “the most favorable vector for cybercriminals to conduct sophisticated drive-by attacks on Internet users with some degree of selective targeting.” It allows hackers to narrow their pool of victims based on the demographics of an online audience, the researchers said.
Cyphort said its own research has shown a 325 percent increase in malvertising during 2014.
Cybercriminals stand to cost global advertisers an estimated $6.3 billion this year through the use of automated programs that click through ads on third-party sites to generate ad revenue, according to a study released last year by the Association of National Advertisers and security firm White Ops.
A separate report this month determined that the existential threat posed by browser plug-ins developed to keep third-party ads from loading could cost publishers more than $41 billion by next year.