One of your company’s employees could be reading the latest news about the Olympic games on a trusted page (possibly even on a reputable news page), and if he clicks the wrong advertisement–one that looks like an advertisement but isn’t– the system will be infected.
A super small section of the code from the website (which seemed trustworthy at first) is actually in charge of cataloguing the user and the machine to look for adequate malware, and then downloading it. This could happen to your business while it also hits the New York Times, Yahoo, BBC, or AOL.
Malvertising can infect anyone. The enemy hides in those banners bordering websites. Cybercriminals probably gain access to websites by hacking into networks of real advertisements. In 2015, Google blocked 780 million malicious ads that could have easily passed by as legitimate advertisements.
In 2015, Google blocked 780 million malicious ads.
As we saw in the last Q2 Pandalabs Report, malvertising has become a favorite tactic for cybercriminals. Recently, the well-known website perezhilton.com fell victim to two malicious publicity attacks that used the new exploit kit Angler to infect more than 500,000 of the blog’s daily visitors.
To protect your company from this kind of attack, the devices your employees use should be continuously updated with the latest operating system version, and the browser and main plugins (Java, Flash) that you have installed should also be updated. If you don’t use the plugins, you should definitely eliminate them. Also, installing an ad blocker could be an effective and inexpensive solution, especially since media communications and other websites base their pages on these advertisements. Programs or extensions like Adblock prevent these ads from executing malicious codes.
Lastly, a good antivirus is fundamental to protect us from these type of attacks. The top of the line security solutions are capable of detecting malvertising and could protect you from an unpleasant experience.