What Is Malvertising?
Oxford Dictionary defines malvertising as ‘the practice of incorporating malware in online advertisements.’ Short for malicious software, or malware advertising, this is the practice of attacking viewers or consumers with fraudulent information that is inserted into sometimes (but not always) legitimate advertisements.
How Does It Work
Malvertising works in conjunction with the online advertising ecosystem by initiating multiple redirects after the user clicks or views an infected advertisement. This is done by cyber criminals hiding a small bit of code within legitimate advertising content. This can be integrated into ad servers, publishing servers, or other platforms that work together to display online ads. For example, the New York Times publishes content from its writers as well as content that is in partnership with businesses that have hired ad agencies to provide digital ads. This means that there are multiple moving parts that work together to provide the ad interface and content for readers to access the ads. Along with other legitimate sites like the BBC, The Onion, The London Stock Exchange, and many other websites, they have been injected with malicious ads that led to readers being hijacked and redirected to sites demanding a ransom to unlock their computers.
Because of the vulnerabilities of some browsers, the installation of the malware can happen simply by viewing the advertisement. Malvertising isn’t the actual virus, but it can lead to the deployment of one. It is threatening because it isn’t always detected right away – or ever – and it doesn’t require action by the reader or viewer to be deployed and dangerous.
Not All the Same
Malvertising is not the same as ad malware or adware. Adware, short for advertising-supported software) is installed usually without knowledge from the user. This can include pop-up ads that are automatically and repeatedly displayed without the ability to stop or control them by the user.
How Do You Stop It?
Training users to make smart cybersecurity decisions when it comes to protecting a business from cybercrime. Your employees must be continually on alert in today’s threat landscape against the tactics that hackers will use to gain access to your network or disable the company’s employee’s ability to work.