In the early days, malvertising was simply about slipping some code into an ad to induce more clicks and drive up the ad payout from an unsuspecting advertiser. It almost seemed like a childish prank (unless you were the business suddenly paying for a lot of specious clicks).
But malvertising has come a long way from its humble beginnings and can be used to deliver all sorts of nefarious payloads. From unleashing havoc on an SMB’s system, to mining (and reselling) sensitive data, to making end-users unwitting cryptojackers, malvertising has morphed into a more sophisticated method of extraction for the “bad guys.” People don’t even have to click on an ad anymore to unleash the bad stuff.
Springfield, Illinois-based IT and cybersecurity expert Dan Snider told Smarter MSP about some of the ways malvertising has changed. He says malvertising is still, at the most basic level, about running up revenue.
“The vast majority of malvertising campaigns generate revenue by causing an affected user’s browser to redirect traffic to a series of sites controlled by the advertising client,” Snider says. The fake clicks, Snider explains, are registered to these advertiser-controlled sites, which in turn generates revenue for the bad actors.
Confiant reports one billion fake ad impressions in 2017 as malvertisers have grown more sophisticated in their online meddling.
In a blog post about the report, Jerome Dangu, cofounder and CTO of Confiant writes: “Just like any other business, malvertising is driven by return on investment. But crucially, it needs to operate behind sophisticated evasion techniques. This means that only a small portion of the acquired traffic actually delivers a payload.”
So it’s in the malvertising business model to be as pervasive as possible.
What should an MSP do?
As an MSP, you are the first line of defense for many small and medium-sized businesses that rely on your judgment, expertise, and products to shield them from being attacked by an ad. There are a variety of things an MSP should do to protect their customers from this threat, according to Snider. Steps he recommends include:
BLOCKING: Block traffic to known malvertisers and malware sources at the network level, and automatically enforce restrictive browsing policies on endpoints.
ANTIVIRUS: Install and maintain an up-to-date antivirus solution on all high-risk machines, and ensure there are system policies to enforce, log, and report on antivirus operations and alerts.
EDUCATION: Educate your customers’ employees and other personnel on the security risks posed by malicious advertising, and teach and encourage safe browsing habits.
PATCH: Ensure all of your customers’ computer systems and software are updated with the latest security patches automatically and that a system exists to automatically audit machines for compliance.
Rise of “cryptotising”
Greenmark IT is an MSP that keeps systems safe in the bucolic North Woods of Maine. But malvertising doesn’t stop to appreciate the snowy vistas of the state’s highest peak, Mount Katahdin, or the plentiful moose that lumber through the thick hardwoods here. The malware, cryptojackers, and malvertisers are just as eager to do their work in this peaceful slice of America as they are anywhere else. And Greenmark is always on the lookout for malvertising and other threats in the string of towns they serve along the U.S.-Canadian border.
Eric Warren is the CEO of Greenmark IT, and he emphasizes the need for MSPs to constantly back up customer data. He told Smarter MSP that multiple backups are essential.
“We back up files to an offsite repository but also take images of each machine every 15 minutes,” Warren says. “This allows us to bring the user back to running state as quickly as possible on their own hardware or the cloud.”
But Warren fears a merging of cryptojacking and malvertising. This shift is already happening, morphing into a new threat: cryptotising.
“The toolkit is out there to create your own encryption virus easily and cheaply, so I think that more nefarious people will do that. Imagine spending $35 once and making $80,000 per month off that, all through untraceable Bitcoin. I’d quit my job too if I didn’t have a conscience,” Warren says.
So look for ads that serve as a gateway to your supply of CPUs to help a miner dig for Bitcoin.
And all of this makes adblocker programs look a lot more appealing.