pixel_dreams - Fotolia
Mitigating malvertising or malicious ads threats requires a layered strategy that should already be part of an enterprise's information security program for protecting endpoints from malware. Most malvertising ends up exploiting the same vulnerabilities as other malware, but uses ad networks for initial infection.
Some of the most famous malvertising attacks were by the Fluffi Bunni against leading information security vendors; in 2001 Fluffi Bunni compromised an ad network to deface the SecurityFocus website. More recently, Bromium security researchers presented at the Virus Bulletin conference about malvertising attacks utilizing the Yahoo ad network.
Attackers have now learned that compromising a user where they already are is much easier than going out and attacking the user's computer (This could also account for the rise in watering hole attacks).
While ad networks could protect their networks from being used in an attack, many of the steps needed to do so may also prevent legitimate customers from using their services; many ad networks may want to maintain an out-of-band approval mechanism for accounts or even ads.
Ad networks could add validation to reduce the chances that a customer could be compromised or a new malicious customer created. Validation could include vetting potential customers by requiring legal business paperwork and two-factor authentication, scanning potential ads for malicious content prior to publishing the ad, or potentially converting Flash ads to animated gifs or other types of content.
Webhosts could also mitigate malvertising attacks by periodically checking their websites from an unpatched system and monitoring it to see if any malicious activity is detected. If malicious ads are detected, they could then be disabled by the webhost.
To reduce the risk of malvertising attacks affecting the enterprise, security teams should follow general endpoint antimalware advice such as keeping up to date with patches, not running as an admin and so on. Using a network antimalware tool may be more effective against this attack because ad networks don't generally use HTTPS; a network antimalware tool could monitor and block malicious full HTTP connections.
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)
Learn more about the ever-expanding malvertising threat.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading