Recent research from end-point security firm Malwarebytes found that malvertising is one of the primary infection vectors and will be used to reach millions of consumers this year.
According to the research, cybercriminals paid an average of 49p for every 1,000 infected advert impressions on major websites, which dropped to as low as 4p per infected ad impression during off-peak times.
In light of the findings, we spoke to Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, to discuss this malvertising trend and how companies can keep themselves secure.
- You were at Infosec earlier in the month, what were the most prominent trends at the event?
The biggest trends I saw at Infosec this year were a combination of discussions about cloud security, Government surveillance and how companies can make use of Threat Intelligence.
There seemed to be a definite feeling that people are no longer as concerned with "Who pulled off this particular hack" as they are with "I don't care who did it, how can we stop it happening again?"
- What kind of cyber attacks are hackers resorting to the most at the moment?
Ransomware served up via Malvertising, exploits and Macros in Word Documents would be the dominating force in the threat landscape right now.
Some may feel running ad blocking software as a means to combat Malvertising impacts on website revenue, but those discussions tend to sideline the very real and increasingly pronounced impact that Malvertising is having on website visitor confidence.
Never a day goes by where we don't hear about some new attack causing fresh misery for people using unpatched machines, or those unlucky enough to fall for a simple social engineering trick which ends up locking them out of their system.
- Should companies be making themselves more aware of certain types of attacks?
Spear phishing and confidence tricks are very popular as they take the path of least resistance and target the people at the keyboards. The scammers know companies are investing heavily in tech, while basic security practices are rarely - if ever - touched upon.
Many of the day-to-day attacks we see contain a human aspect, so it's well worth investing in training whenever possible.
- Why are zero-day attacks so popular at the moment?
They work very well with Malvertising, which is a great launchpad for exploit attacks. You can't predict when or where bad adverts will strike, and any popular website using ad networks can be used as a potential vector by the scammers.
The ability to daisy-chain these attacks is another plus point - you might begin with an ad network who weren't too fussed about checking your credentials, then push your ads onto a number of sites with each ad using a different exploit kit targeting Flash, say, or an unpatched PDF reader. From there, the payload might be Ransomware to make money directly or even keyloggers or banking Trojans - the possibilities are endless.
These attacks are fast, modular and very difficult to catch "in the act". By the time anybody has noticed, the bad actors are usually long gone and have achieved whatever it was they originally set out to do.
- What steps should businesses take to defend against zero-day attacks?
While there is no cast-iron guarantee for avoiding zero days, layered defence comprising up-to-date Antivirus alongside Malware detection and exploit blocking technology is a good place to start.
However, staff training is crucial - if a company can't afford every security tool they need then employee knowledge is one of the few things they have left to rely upon. When rogue Word documents are being sent out containing step-by-step instructions to enable Macros, training should be seen as critical to the business.
- What are the main security challenges that firms are facing at the moment?
The biggest challenges firms face right now are lack of training and backups. The training is usually reams of text nobody reads in the employee handbook, and there can often be very little communication between IT and the staff on the ground.
Too many companies fail to create a solid backup plan and are left with all of their data gone in one push of a button. Secure offsite backups, along with encryption where necessary, are absolutely essential when talking about Malware which can hold your business to ransom.