The perils of malvertising

Sugiarto Koh, Regional Director, ASEAN (Security) at Cisco | Sept. 11, 2014
Combating new threats as Internet advertising surges

Recent reports from Nielsen show that Internet advertising spend now outpaces all other forms of media. The trend is also increasingly evident in Singapore. Based on findings from analyst house PWC, Singapore's Internet advertising market is forecast to grow from US$162 million in 2013 to US$264 million in 2018, signifying strong potential for the industry.

Though annoying for users, Internet advertising is an important model as it allows people to freely consume the vast majority of the web. The repercussions for the Internet could be monumental should this model change, or if people stop trusting Internet advertising altogether. However, just as advertisers regard Internet ads as huge opportunities to reach their targets, so do hackers.

"Malvertising", a form of online advertising used to spread malware, is becoming increasingly prevalent today. It is now much easier for adversaries to gain access to the tools they need and target a specific population at a certain time - such as soccer fans watching a World Cup match. Functioning like actual advertisers, malvertisers can approach companies that are gatekeepers for legitimate ad exchanges, and request that the ads be served as quickly as possible, leaving little or no time for the ad content to be inspected.

Visitors can be infected with malware in the course of their normal Internet browsing without even clicking on the advertisement, and therefore have no idea where or how they were infected. They are seamlessly redirected to websites that host exploit kits rented or purchased by the adversary, which push a 'dropper' (malware component that installs certain malware into a target system) onto their systems and infect those that are vulnerable. Any attempt to trace the source afterwards will be practically impossible, as the ad that delivered the malware has long disappeared.

Security professionals can help prevent such attacks by ensuring the security of web gateways, which play an increasingly significant role in any cybersecurity strategy. Conventional secure web gateways operate at a single point in time, giving professionals just one shot to detect and stop traffic. However, as advanced attacks are ongoing and require continuous scrutiny, mere visibility and blocking at the point of entry isn't enough. To establish more effective protection strategies, security professionals evaluating secure web gateways should identify solutions that encompass the full attack continuum - before, during, and after an attack.

Before an attack: Comprehensive awareness and visibility are required to implement policies and controls to defend the environment, with URL filtering and web reputation filtering being the first checks in the process. URL filtering enables the setting of policies to block known malicious sites, and also facilitates content-based blocking of URL categories - such as blocking ads, but allowing news. Those concerned about the impact of ad-blocking on user experience can explore adding other security layers.
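The sketch below is an added example, not code from the article or from any gateway product. It shows the order of checks described above: known-malicious blocklist, then URL category policy, then web reputation. All hostnames, categories and the -10 to +10 reputation scale are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumed for illustration, not real threat intelligence).
BLOCKLIST = {"exploit-kit.example"}                       # known malicious sites
CATEGORIES = {"ads.example": "ads", "news.example": "news"}
REPUTATION = {"ads.example": 3.0, "cdn.ads.example": -7.5,
              "news.example": 8.0}                        # assumed scale: -10 bad .. +10 good

def parents(host):
    """Yield the host, then each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def first_match(table, host):
    """Most specific entry for host or one of its parent domains, else None."""
    return next((table[p] for p in parents(host) if p in table), None)

def decide(url, block_categories=frozenset({"ads"}), min_reputation=-6.0):
    """Return (verdict, reason) for one outbound web request."""
    host = urlsplit(url).hostname
    if not host:
        return ("block", "unparseable URL")
    # 1. URL filtering: known malicious sites, including their subdomains.
    if any(p in BLOCKLIST for p in parents(host)):
        return ("block", "known malicious site")
    # 2. URL filtering: category policy (block ads, allow news).
    category = first_match(CATEGORIES, host) or "uncategorized"
    if category in block_categories:
        return ("block", f"category {category}")
    # 3. Web reputation filtering: the extra layer that still applies
    #    when a category such as ads is allowed. Unknown hosts score neutral.
    score = first_match(REPUTATION, host)
    if score is None:
        score = 0.0
    if score < min_reputation:
        return ("block", f"reputation {score}")
    return ("allow", category)
```

Calling `decide` with `block_categories=frozenset()` models a site that permits ads but still relies on the reputation check as the additional layer.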

 
