The fact that Hacking Team's exploits were included in the kits used in the recent spree of malvertising attacks didn't surprise researchers, since kit maintainers regularly update their tools to include Flash zero days. Angler and Nuclear, both named in recent malvertising campaigns, are among the handful of exploit kits popular among cyber criminals today. In fact, Angler is one of the quickest to adopt newly revealed zero days into its list of attacks and was the first to weaponize zero days from Hacking Team.
Thanks to exploit kits, criminals no longer need a high level of skill to launch a campaign with sophisticated tools, said George Kurtz of CrowdStrike. "The marketplace lets you buy what you need," Kurtz said.
Forming a defense
Malvertising exploits normal Web behavior, where users go to websites and see advertisements alongside whatever content they are interested in, and as a result, it's a difficult attack vector to block. Enterprises and users should keep the operating system and installed software up to date with the latest patches so that exploit kits don't have easy flaws to target. Antimalware and other security software can check and block actual payloads as they are downloaded, so it's essential they are always up to date. Enterprises can adopt other tactics, such as whitelisting URLs, filtering URLs based on Web reputation, or using technologies like secure Web gateways to analyze links in real time.
Turning off Flash in browsers and making all third-party plug-ins click-to-play stop some bad ads, but it's important to keep in mind that not all malvertising relies on Flash vulnerabilities. However, if the attack vector relies on advertisements on the Web page, then it seems rational that the best way to protect against malvertisements is to use ad blockers so that none of the ads get delivered to the Web browser in the first place.
Advertisers don't like ad blockers, but they may need to reconsider their stance. Adobe and PageFair estimated the loss of global revenue due to blocked advertisements in 2015 at more than $21.8 billion, and while their numbers may be biased, the fact remains that ad blockers threaten the industry's bottom line.
But ad blockers are increasingly popular. Adblock Plus, one of the better-known ad blockers, has seen download numbers between 2.5 million and 3 million per week, said Ben Williams, a spokesperson for Adblock Plus. The numbers went up in 2014 after a series of malvertising attacks against well-known brands and have been constant since then. "Just goes to show you that more and more people are aware of the dangers posed by renegade ads and know how to protect themselves against them," Williams said.