Cybercriminals are a constant thorn in the side of every IT professional. That said, it’s hard not to admire the inventiveness and determination that goes into many hacking campaigns.
The emergence of malvertising as a mainstream “industry” is a prime example. In 2017, a single group of hackers managed to spread malware-infected adverts to 62% of the web’s “ad-monetised websites on a weekly basis.” They did so using a network of fake advertising agencies, complete with bogus executive LinkedIn profiles and phoney social media presences. What’s more, they did it all without really having to get their hands dirty.
The eventual payload of a malvertising campaign isn’t particularly new or sophisticated; It’s generally all about infecting computers with malware using things like fake Adobe Flash updates and dishonest “scareware” internet security programs. The clever part is how the hackers now spread the malware via legitimate advertising networks, giving themselves a reach across millions of websites. And by no means are most of these sites “dodgy”.
Instead, the criminals work out ways to place their infected ads on sites people generally regard as safe places.
How Does Malvertising Work?
On a simple level, a hacker could launch a small malvertising attack simply by purchasing an R30;