Malvertising: Hackers are Paying For Ad Space on Popular Websites

December 14, 2015

contact us


b2ap3_thumbnail_click_on_malware_ad_400.jpgA good business exercises extreme caution when using the Internet.  Hackers use any means possible to unleash threats against organizations of all sizes. Though you teach your employees how to avoid threats and to avoid suspicious websites, what if that’s not enough to keep hackers out of your network infrastructure?

Some businesses are finding it increasingly difficult to separate the bad from the good when it comes to online security. This is thanks to a number of new and emerging threats, with the latest one being “malvertising.” This threat focuses on using advertising space on websites to inject malicious code into unwary users. This malware often takes advantage of “zero-day exploits” (problems that haven’t been patched), which means that these threats are difficult to defend against, even under the best circumstances! 

Take, for instance, a threat described by ComputerWorld:

[…] the source of the infection was a malicious advertisement, one that was running on a mainstream news service! The news website sells ad space served up by an advertising company, which in turn sells that ad space to anybody willing to pay for it. In this case, the bad guys were paying for it. They signed up for ad space just like any other customer, but the advertisement they created — known as “malvertising” — exploited a zero-day (unpatched) vulnerability in Adobe Flash to run commands through the browser to the victim computers’ operating systems, without any knowledge or intervention by the end users.

Even when you have cyber security in place, what happens when threats are capable of making themselves invisible to your efforts? This is essentially what happened in the above scenario. Because the malvertisement literally needed no user interaction whatsoever, it was capable of infiltrating the system without being detected, simply because any and all training that employees might have can simply be ignored. Something like this wouldn’t be blocked by a web content filtering system because it’s on a legitimate site.

Thankfully, with the latest cybersecurity tools at your disposal, we can identify and resolve problems like these relatively quickly. The important thing to remember about cyber threats is that they will almost always leave some sort of sign that they were there. Be it a virus or piece of malware that’s detected by a firewall or a phishing email that’s blocked by a spam filter, you’ll know you’re getting attacked. Even in cases where administrator credentials are used for remote access to your network, you can use your access logs to determine whether or not the account activity is legitimate.

Malvertising is a concerning trend, to be sure.  But with powerful security solutions designed to take proactive measures against online threats, you can bet they will have significant difficulty running amok in your business. By taking full advantage of enterprise-level security solutions, your business can detect and eliminate threats in the most secure way possible. For more information, contact CTN Solutions at 610-828-5500.


Contact Us

4 + 4 =

CTN Solutions

Address: 610 Sentry Pkwy, Blue Bell, PA 19422

Phone: (610) 828-5500


Skip to content