Cyberattacks are also a reality, and it's no longer just about phishing or passwords. One threat to businesses emerged in the late 2000s but has gained traction–malvertisements.
“Mal” advertising isn’t much of a mystery. Attackers place malware onto desktops and mobile devices to steal from or damage databases. Unfortunately, the results can be catastrophic for your brand’s reputation, especially if these attackers manage to leak employees’ and customers’ personal data.
Malvertising happens via two major platforms: fake sites and real ones.
Attackers make faux website pages to mirror official ones. The aim is to make searchers slip up and use this illegitimate site.
According to Rapid7’s cybersecurity researchers, this is frequently happening to Windows administrators as the attackers impersonate Putty and WinSCP (two commonly used Windows utilities). The devil is in the details, since these hackers are relying on searchers misspelling names to land on these phony websites.
Searching “puuty.org” instead of “putty.org” or typing in “vvinscp.net” rather than “winscp.net” places the matching (misspelled) website URL as the first search result. The fake site pops up, admins click on it because they’re in a rush or sloppy, and they don’t notice the mistake until malware infiltrates your business.
Alongside a malicious website, malvertising takes the form of malicious ads on legitimate websites.
Hackers are more creative with these malvertisements, placing malware into your legitimate company pages where even cautious users can fall victim to them. In this way, they breach your third-party server by placing harmful codes into:
Once clicked on, the malvertising campaign ad installs malicious software into the device or redirects them to a fake website where advanced attacks destroy files, copy sensitive data, and monitor activity.
Can you protect yourself and your employees from harmful sites and ads that threaten personal information? Yes. Recognize these signs of malvertising:
As a publisher, your business can protect its website visitors. Start by choosing third-party ad networks carefully and scanning for codes or malware before uploading ads to your site. Trusted cybersecurity teams can also help your business by making recommendations based on recent ad activity.
Your business's cybersecurity is only as strong as its weakest link–that one employee clicking a malicious ad. Update extensions, software, and web browsers with antivirus software and encourage safe searching online. The less malvertising risk your company faces, the more peace of mind you’ll have going forward.