The internet can often feel like an obstacle course of threats, especially for businesses.
With the dramatic growth in e-commerce, data storage and general internet usage, cybercriminals are heavily incentivised to find new ways of attacking individuals and organisations, stealing data, planting viruses and even holding an entire system to ransom. Malvertising is one such method.
The following blog will take you through everything you need to know about malvertising, discussing what it is, how malverts work and how best to spot and stop them.
Malvertising is a compound word formed from ‘Malware’ (another composite word meaning ‘Malicious Software’) and ‘Advertising’.
At its most basic level, malvertising is the act of disguising malware as advertising, enticing users to click and interact as a means of infecting their system.
Cybercriminals place malicious code or software within legitimate-looking adverts, often in the form of a pop-up. Once clicked, the software could do any number of things, none of which will benefit your business.
The true threat of malverts is that you don’t even have to click on one to get infected. You just have to visit the wrong site, and these malverts often find their way onto legitimate sites, like the New York Times and the BBC.
The first thing to understand when considering malvertising is the way advertising works online.
Companies often use third-party ad vendors (or ad servers) to spread their content in a way that will make the most money for their website. This can sometimes be as simple as signing up to the site and submitting an ad.
Cybercriminals exploit this by initially submitting harmless and legitimate ads to gain the trust and services of the vendor. Once the ad has been distributed, cybercriminals will switch out the legitimate content for a malvert. After a few hours, the ad will be switched back, making it seem legitimate again.
Ad servers often have lax, or automated vetting processes, making it very easy for cybercriminals to slip malverts through their systems without anyone knowing.
Malverts often look legitimate, so spotting one can be tricky.
Web Woes, one of our many innovative and approachable Cyber Security Awareness training modules, helps trains individuals and organisations to spot malvertising online and lists a number of tips you can use to prevent being affected by malverts. Here are just a handful of Bob’s Top Tips on how to deal with malverts online: