- The Washington Times - Tuesday, August 25, 2015

Security specialists say cybercriminals are increasingly using online advertising to infect computers with viruses, and one firm has reported a 325 percent increase in “malvertising” last year.

Cyphort, a California-based advanced-threat defense company, published a report Tuesday in which it predicted that malvertising could soon become the No. 1 tactic of hackers.

Researchers have seen malware delivered through advertisements since at least 2007, but professionals at Cyphort said attacks are increasing in scale and sophistication.

The Huffington Post’s website and YouTube were found to have been serving malware to visitors in recent months through online advertisements, the firm said. The attacks have the potential of letting hackers execute arbitrary code on infected computers.

“Cyber criminals always look for the least point of resistance when attacking networks, making malvertising campaigns an enticing way for them to commit fraud and steal proprietary information from unsuspecting corporations,” Fengmin Gong, Cyphort’s co-founder and chief science officer, said in a statement.

Hackers are able to wage malvertising attacks by placing seemingly legitimate, or “clean,” ads on sites, then altering or executing secretly embedded codes that can force a computer to load malicious software.

Sometimes a user has to click on a malformed ad for the computer to become infected, the report said, but attacks also are being deployed by covertly embedding ads with HTML-based JavaScript or Flash-based ActionScript that can be executed to exploit browser vulnerabilities and open doors for hackers.

“Consumers will continue to be the most direct victims of malvertising campaigns, as their computers can be infected when they simply click unsuspectingly on a malicious ad or, in some cases, by simply going to a site they visit frequently,” said Mr. Gong, who holds a doctorate in computer science.

Malvertising attackers have found that having infected ads delivered to visitors is easier in most instances than identifying vulnerabilities to exploit within a website, the report said.

Cyphort’s researchers said malvertising is on the way to becoming “the most favorable vector for cybercriminals to conduct sophisticated drive-by attacks on Internet users with some degree of selective targeting.” It allows hackers to narrow their pool of victims based on the demographics of an online audience, the researchers said.

Cyphort said its own research has shown a 325 percent increase in malvertising during 2014.

Cybercriminals stand to cost global advertisers an estimated $6.3 billion this year through the use of automated programs that click through ads on third-party sites to generate ad revenue, according to a study released last year by the Association of National Advertisers and security firm White Ops.

A separate report this month determined that the existential threat caused by browser plug-ins that are developed to keep third-party ads from loading could cost publishers more than $41 billion by next year.

• Andrew Blake can be reached at ablake@washingtontimes.com.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide