Malvertising is a digital threat that is becoming to plague a range of businesses.
The malicious attacks have increased at an explosive rate. Indeed, research from RiskIQ confirms this, revealing that malvertising has risen by 132% in 2016 compared to 2015.
Delivered through ad networks such as Google and Facebook, threat actors use malvertising to propagate malware, ransomware, and scams (disingenuous advertising), as well as redirect victims to phishing pages and pages hosting exploit kits.
“Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the ‘free’ websites we all know and enjoy online. The success of the internet and all the people that rely on it is inextricably linked to online advertising success and safety,” said James Pleger, threat researcher, RiskIQ.
“Publishers, ad platforms, and ad operations teams need active visibility, forensic information, and mitigation capability to enable them to effectively detect and respond to malicious ads in the wild.”
Key findings in the report include analysis data on the following malvertising characteristics:
● 132.6% Increase in total malvertisements
● 1,978.9% Increase in redirections to phishing pages
● 845% Increase in scam detections
● 22% Increase in antivirus binary injections
● 25.8% Increase in malicious distribution systems
● 58% Increase in scareware and browser lockers
According to a report compiled by eMarketer, the worldwide paid media market recently hit more than half a trillion dollars, and worldwide paid media spending is expected to reach $674 billion by 2020.
“Malvertising threatens this online marketing growth,” Pleger said. “For example, users wary of malvertising will block all ads, hampering the success of the digital advertising industry. By the end of 2017, 14.7 million people in the UK will be using ad blocking software.”
A proprietary/curated blacklist can help mitigate the risk for digital advertisers and publishers. This technology scans malicious ads, intelligently and was used by RiskIQ to scan over 2 billion pages and nearly 20 million mobile apps per day.
This proprietary blacklist lets ad ops, brand managers, and security staff vet new demand sources and prevent malware within their ad infrastructure.
The crawling infrastructure integrated into the technology allows it to capture the entire ad, indicate which part of the ad-serving process was compromised and helps a business identify the entity responsible.