Cyber-criminals abusing legitimate ad space to serve malware to ordinary folk are getting more sophisticated, and their techniques harder to spot, according to new research.
Cyber-security experts from Malwarebytes have recently released a new report detailing cyber-attack practices in the UK. According to the report, malvertising campaigns are almost impossible to spot without the ‘smoking gun’ – in this case, an obvious redirect of the victim to a site where malware is being served.
The attackers use a couple of techniques to trick ad networks, and ordinary users, into thinking they’re a legitimate business. The first is called domain shadowing – a process of using users’ domain registration logins to create subdomains, according to Cisco. Malwarebytes gives an example of cdn.exterquads.com shadowing the legitimate domain exterquads.com.
That is followed by an innocuous 1×1-pixel image that hides the rogue code.
All of that is topped off by quality ad design skills – the ads served by these crooks look exactly like legitimate ads.
“Because this campaign was aimed at people living in the UK, we searched for additional rogue advertisers abusing other businesses. We found quite a handful of them that have been used in recent attacks,” Malwarebytes says in the report.
The report shows a number of ad banners made up from scratch, which were “respecting the logos and colour schemes of the legitimate brands they exploit, while their respective owners had absolutely no idea about it.”
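For defenders, the domain shadowing described above can leave a trace in DNS history: a subdomain that appears long after its parent and resolves somewhere the parent's established hosts never did. The Python sketch below is an added example, not taken from the Malwarebytes report; the passive-DNS rows (dates and documentation-range IPs), the one-year age threshold and the /24 comparison are constructed assumptions.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed passive-DNS rows: (hostname, first_seen, resolved IP).
# Dates are invented and the IPs come from documentation ranges.
RECORDS = [
    ("exterquads.com",      date(2012, 3, 1),  "192.0.2.10"),
    ("www.exterquads.com",  date(2012, 3, 1),  "192.0.2.10"),
    ("mail.exterquads.com", date(2013, 6, 9),  "192.0.2.25"),
    ("cdn.exterquads.com",  date(2016, 5, 20), "203.0.113.77"),
]

def parent_of(host):
    # Assumption: two-label registered domains. Use the Public Suffix
    # List in practice so names under co.uk and similar are handled.
    return ".".join(host.split(".")[-2:])

def shadow_candidates(records, min_age_days=365, prefix=24):
    """Return subdomains that first appeared at least min_age_days after
    the parent zone and resolve outside every network used by the
    parent's early (baseline) hosts."""
    by_parent = {}
    for host, seen, ip in records:
        by_parent.setdefault(parent_of(host), []).append((host, seen, ip))

    flagged = []
    for parent, rows in by_parent.items():
        earliest = min(seen for _, seen, _ in rows)
        # Baseline: networks of hosts seen before the age cutoff.
        baseline = {
            ip_network(f"{ip}/{prefix}", strict=False)
            for _, seen, ip in rows
            if (seen - earliest).days < min_age_days
        }
        for host, seen, ip in rows:
            if host == parent:
                continue
            late = (seen - earliest).days >= min_age_days
            foreign = not any(ip_address(ip) in net for net in baseline)
            if late and foreign:
                flagged.append(host)
    return flagged

if __name__ == "__main__":
    print(shadow_candidates(RECORDS))
```

Legitimate third-party hosting also produces late subdomains on foreign networks, so the output is a triage list to check against the domain owner's change records, not a verdict.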