Mitigating malvertising, or malicious advertising, threats requires a layered strategy that should already be part of an enterprise's information security program for protecting endpoints from malware. Most malvertising ends up exploiting the same vulnerabilities as other malware, but uses ad networks for the initial infection.
Some of the most famous malvertising attacks were carried out by Fluffi Bunni against leading information security vendors; in 2001, Fluffi Bunni compromised an ad network to deface the SecurityFocus website. More recently, Bromium security researchers presented at the Virus Bulletin conference on malvertising attacks utilizing the Yahoo ad network.
Attackers have now learned that compromising a user where they already are is much easier than going out and attacking the user's computer. (This could also account for the rise in watering hole attacks.)
While ad networks could protect their networks from being used in an attack, many of the steps needed to do so may also prevent legitimate customers from using their services; many ad networks may want to maintain an out-of-band approval mechanism for accounts or even ads.
Ad networks could add validation to reduce the chances that a customer could be compromised or a new malicious customer created. Validation could include vetting potential customers by requiring legal business paperwork and two-factor authentication, scanning potential ads for malicious content prior to publishing the ad, or potentially converting Flash ads to animated GIFs or other types of content.
Webhosts could also mitigate malvertising attacks by periodically checking their websites from an unpatched system and monitoring that system to see if any malicious activity is detected. If malicious ads are detected, they could then be disabled by the webhost.
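A lighter, static complement to that periodic check, shown here as an added example rather than anything from the original article: it parses a page's HTML and reports third-party active content (scripts, iframes, embeds, objects) that is loaded over plain HTTP, comes from a host the site has not approved, or is a Flash file. The function name, the allowlist and every hostname in the constructed sample are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull in active third-party content, and the attribute carrying the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.resources = []  # (tag, raw_url) in document order

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.resources.append((tag, url.strip()))

def audit_ad_resources(html, page_url, approved_hosts):
    """Return [(tag, absolute_url, [reasons])] for third-party active content."""
    page_host = urlparse(page_url).hostname
    approved = {h.lower() for h in approved_hosts}
    collector = _Collector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.resources:
        url = urljoin(page_url, raw)  # resolves relative and //host/ URLs
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if not host or host == page_host:
            continue  # first-party content is out of scope here
        reasons = []
        if parts.scheme == "http":
            reasons.append("plain-http")  # content can be inspected or altered in transit
        if host not in approved and not any(host.endswith("." + a) for a in approved):
            reasons.append("unapproved-host")
        if parts.path.lower().endswith(".swf"):
            reasons.append("flash")
        if reasons:
            findings.append((tag, url, reasons))
    return findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://ads.approved.example/tag.js"></script>
<iframe src="http://cdn.approved.example/slot1.html"></iframe>
<embed src="//unknown-ads.example/banner.swf">
</body></html>"""
```

A static audit like this only sees what is in the delivered HTML; ad content injected later by scripts still needs the browser-based check described above.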
To reduce the risk of malvertising attacks affecting the enterprise, security teams should follow general endpoint antimalware advice such as keeping up to date with patches, not running as an admin and so on. Using a network antimalware tool may be more effective against this attack because ad networks don't generally use HTTPS; a network antimalware tool could monitor full HTTP connections and block the malicious ones.
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)