2017 Projections for the Growing Threat of Malvertising
As we progress into 2017, MSPs should pause and take stock of the most pressing hazards currently on the threat landscape. In further excerpts taken from his recent podcast discussion with IT channel expert Pedro Pereira, Webroot Senior Threat Research Analyst Tyler Moffitt details which cyber threats merit close attention as the year continues to unfold.
“Beyond the Internet of Things, which is a whole different category that’s scary in itself, the more generic threats we see on PCs, laptops, and on phones are all still on the radar,” Moffitt begins. “In tandem with those I would list phishing and exploit kits together, since they’re making advancements, as well.”
After going on to discuss the efficacy of phishing schemes that employ fake log-in pages (“it’s the most effective method of compromise”), Moffitt pauses to reconsider his choice for the most virulent threat for the new year. “You know what?” he muses. “I think I’m actually going to have to give it to malvertising, because malvertising has been explosive in 2016, and it’s on track to even be more destructive in 2017.”
Because malvertising may be unfamiliar to many IT professionals, Moffitt first provides a brief description of how malvertising operates: “Essentially, cyber criminals submit booby-trapped advertisements to ad networks for their real-time bidding processes. And these ad networks that supply the ads … you might not know it, but it’s not done by a human. It’s all done by an algorithm.”
Exploiting this lack of human oversight, the cyber criminals begin by lulling the ad networks into a false sense of security. According to Moffitt, “These guys submit authentic ads for a couple weeks, so they get a decent reputation that will last for a little while. Then they submit the booby-trapped ads. These malicious ads rotate with normal ads on legitimate, highly reputable sites. After that, victims don’t have to do anything but click on the ad.”
This innocuous activation of the threat disguises a particularly diabolical process, Moffitt notes. “You click the ad, and then an invisible iFrame redirects you to an exploit landing page, where the malicious code then attacks your system. You see an advertisement for shoes that looks like any other, normal ad. You click on that ad, and then all of a sudden your documents are encrypted. It’s not as if it even downloads a file at the bottom left of your browser that you have to click on before it can run.”
Moffitt concludes, “The exploit landing page is typically so well implemented—attacking Flash Player, Java, Word and Silverlight vulnerabilities—that it’s able to download the DLL and unload its instructions into the memory of the browser, whether it’s Internet Explorer, Firefox or Chrome. That open process, active process, is actually being used to perform the encryption on you. It’s definitely scary and something to watch out for.”
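A defender-side check for the invisible iFrame step described above, as an added example that is not from the original post or from Webroot: it scans ad-slot markup for iframes the user cannot see and notes when they load from a different host than the ad. The hostnames, the sample markup and the hiding heuristics are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style declarations that make an element invisible (heuristic, assumed).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0\s*(?:;|$)"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)

# Constructed ad-slot markup: one hidden third-party iframe, one visible one.
SAMPLE_AD = """
<a href="https://ads.example/click"><img src="https://ads.example/shoes.png"></a>
<iframe src="https://landing.example/gate" width="0" height="0" style="display:none"></iframe>
<iframe src="https://ads.example/measure" width="300" height="250"></iframe>
"""

class HiddenIframeFinder(HTMLParser):
    """Collects iframes in ad markup that the user cannot see."""

    def __init__(self, ad_host):
        super().__init__()
        self.ad_host = ad_host  # host the creative is expected to load from
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        reasons = []
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero or one pixel size")
        if "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by attribute or style")
        if not reasons:
            return  # visible frame: nothing to report
        host = urlparse(a.get("src", "")).hostname or ""
        if host and host != self.ad_host:
            reasons.append("cross-origin src")
        self.findings.append({"src": a.get("src", ""), "reasons": reasons})

def find_hidden_iframes(markup, ad_host):
    """Return one finding per invisible iframe in the markup."""
    finder = HiddenIframeFinder(ad_host)
    finder.feed(markup)
    return finder.findings

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_AD, "ads.example"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Hidden iframes also have legitimate uses in ad measurement, so findings from a check like this are leads for review rather than verdicts.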
Advertising on the Internet continues to proliferate at a rapid pace, making it urgent for MSPs to alert their clients to the growing malvertising menace. As such a ubiquitous and seemingly benign attack vector, online ads can lull even your most vigilant customers into complacency—with disastrous consequences. As always, keeping your clients educated about the latest cyber threats is key to maintaining their security.
This guest blog is part of a Channel Futures sponsorship.