Malvertising isn’t a new threat, but increasingly sophisticated payloads have driven a resurgence in its popularity. This may also be the result of better phishing controls and detections, and of more robust basic protections being built into operating systems such as Windows.
At the end of last year, the FBI issued a warning that cyber criminals were deploying malvertising to redirect people to sites that host ransomware and steal login credentials and other financial information.
In October 2022, a massive campaign was uncovered that used over 200 typosquatting domains impersonating 27 well-known brands to distribute malware, steal cryptocurrency recovery keys and push Android malware.
The impersonated software brands included AnyDesk (a tool used by IT teams to troubleshoot user issues remotely), Dashlane, Grammarly, Malwarebytes, Microsoft Visual Studio, Slack, and Zoom, among others.
More recently, hackers have been abusing Google Ads to push malvertising scams by outbidding the legitimate developers to place the malicious ads in the top position on Google search results. Often, they are choosing to mimic free and open-source software, which in the age of remote working can present a real problem for enterprises.
So, what is Malvertising?
Malvertising or malicious advertising is a type of cyberattack that hides malicious code in digital ads or links to malicious programs posing as legitimate software. It’s problematic because it’s hard for both internet users and ad publishers to detect. These malvertising ads do a good job of impersonating brands down to the smallest details.
Typically, these infected ads are presented to users via legitimate advertising networks and because these ads are often shown to all website visitors, virtually every page visitor is at risk. The malware is so well masked in a cloak of legitimacy, users often don’t hesitate to click.
Once the ad is clicked, the concealed malware will install on the user’s computer, where it can steal their data or execute an exploit kit to scan the entire system for exploitable vulnerabilities or weaknesses. Like any other malware, it can damage files, monitor user activity or even establish backdoor access points.
Malvertising attacks in an enterprise setting can grant threat actors a sneaky entry point to the organisation’s network, from where they can then launch a more devastating attack. It has become more of an issue for businesses in the age of remote working. Whether it’s to use communications tools, collaboration platforms, or to access data, most employees need to be online.
So, how can organisations protect their users and systems from the threat of malvertising?
1. Deploy ad blockers
In enterprise environments, ad-blockers, when used in combination with a web proxy, can prevent employees being exposed to malicious ads and bar them from accessing risky websites.
As a basic safety precaution against malvertising, businesses should ensure that approved and vetted ad-blocking software is enabled on all the devices they issue to their employees.
2. Provide cybersecurity training to your employees
Good cyber hygiene and training are key to stopping employees from accidentally unleashing malware on your systems. Employees should be made aware of your company’s software policies and alerted to the prevalence of these adversary tactics.
3. Keep software up to date & digital environments well maintained
Ensure that all software and extensions, including web browsers, are up to date. It’s also best to ensure company devices avoid using Flash or Java where possible and do not permit these programs to run automatically while users are online. If ad-blockers are deployed, they should update automatically so that they download the latest versions of blocklists.
4. Deploy or configure a web proxy that can block malicious domains or web content
A web proxy server is a system that provides a gateway between users and the web. Web traffic proxies encrypt your web requests to protect them from prying eyes and can help protect your business communications. Proxy servers also work to prevent intrusions from or connections to known malware sites and can flag potential issues caused by users’ web browsing and unsafe content.
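As an added illustration (not Adarma's code), the sketch below shows the kind of lookalike-domain check that can be run over web proxy logs to spot requests to domains imitating approved software brands, such as the typosquatting domains described earlier. The approved-domain list, the log format, the thresholds and the sample log lines are all assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: vendor domains for some brands the article names; use your own allowlist.
APPROVED = {"anydesk.com", "dashlane.com", "grammarly.com",
            "malwarebytes.com", "slack.com"}

# Constructed proxy log lines (timestamp user method url status); not real traffic.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z alice GET https://download.anydesk.com/AnyDesk.exe 200
2024-01-01T09:00:05Z bob GET https://anydeskk.example/setup.exe 200
2024-01-01T09:01:12Z carol GET https://slack.com.updates.test/client 200
2024-01-01T09:02:40Z dave GET https://www.grammarIy-app.example/ 200
2024-01-01T09:03:02Z erin GET https://intranet.example/wiki 200
"""

def edit_distance(a, b):
    """Levenshtein distance using a rolling dynamic-programming row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the approved domain that host appears to imitate, or None."""
    host = host.lower().rstrip(".")
    # Naive last-two-labels check; production code should use the Public Suffix List.
    if ".".join(host.split(".")[-2:]) in APPROVED:
        return None
    # Compare every dot- or hyphen-separated token, so brand names placed in
    # subdomains or padded with extra words are caught as well as misspellings.
    tokens = [t for t in re.split(r"[.-]", host) if t]
    for good in sorted(APPROVED):
        brand = good.split(".")[0]
        limit = 1 if len(brand) <= 5 else 2  # short names get a tighter threshold
        if any(edit_distance(tok, brand) <= limit for tok in tokens):
            return good
    return None

def scan(log_text):
    """Return (user, host, imitated_domain) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        host = urlsplit(fields[3]).hostname if len(fields) >= 4 else None
        imitated = lookalike_of(host) if host else None
        if imitated:
            hits.append((fields[1], host, imitated))
    return hits
```

Hits are candidates for analyst review or proxy blocking rather than verdicts, since legitimate domains can sit within the edit-distance threshold of a brand name.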
To find out more about Adarma and how we can help strengthen your cybersecurity posture, please contact us.