Malvertising and phishing are not new. But using distributed ad networks to serve malicious ads on legitimate websites is catching victims by surprise and enabling cybercriminals to lure more of their intended targets to malware. These campaigns can compromise corporate and BYOD devices with malicious browser extensions that are hard to detect. Ad networks let a single malvertising campaign appear on numerous sites at once, and when these ads appear on legitimate websites they benefit from the implied trust visitors place in those sites, hooking more people into the scheme.
SlashNext recently discovered an example of malvertising being served up through Google ads on a legitimate website: The New York Times. The ad looks innocent enough in promoting a download of a simple PDF viewing and conversion app tool.
Clicking on the ad takes visitors to a nice-looking page with more information about the product and a prominent green button that encourages viewers to “Download to Continue”.
And it all started with a simple, hard-to-block ad on a trustworthy site rather than a phishing email. Malvertising is living up to its name.
What can an IT security team do about it? For these kinds of threats, there are three primary defenses.
- User awareness and education about the dangers of downloads of any type not sanctioned by the organization
- Real-time phishing threat intel feeds (aka block lists) to block access to sites serving up rogue browser extensions and other forms of malware
- Network Traffic Analysis (NTA) systems to detect signs of unauthorized systems access, lateral movement, or data exfiltration
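The second and third defenses above can be combined in a simple detection rule: flag browser-extension package downloads from hosts that are not on the organization's sanctioned list, and note whether the same user passed through an ad-network click redirect shortly before (the ad-to-landing-page-to-download chain described in the post). The code below is an added illustration, not SlashNext's code or product logic; the log format, the ad-click domains, the approved extension hosts and the sample log lines are all constructed for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log: timestamp user method url status referrer
SAMPLE_LOG = """\
2023-01-01T10:00:01Z alice GET https://www.nytimes.com/ 200 -
2023-01-01T10:00:05Z alice GET https://adclick.example-adnet.net/click?id=123 302 https://www.nytimes.com/
2023-01-01T10:00:06Z alice GET https://pdf-tools-promo.example.com/landing 200 https://adclick.example-adnet.net/click?id=123
2023-01-01T10:00:20Z alice GET https://pdf-tools-promo.example.com/files/PDFConverter.crx 200 https://pdf-tools-promo.example.com/landing
2023-01-01T10:01:00Z bob GET https://intranet.example.org/portal.html 200 -
2023-01-01T10:02:00Z bob GET https://addons.mozilla.org/firefox/downloads/file/1/tool.xpi 200 https://addons.mozilla.org/
"""

# Assumed lists: ad-network click hosts and sanctioned extension sources.
AD_CLICK_DOMAINS = {"adclick.example-adnet.net"}
APPROVED_EXT_HOSTS = {"addons.mozilla.org", "clients2.google.com"}
# Chrome (.crx) and Firefox (.xpi) extension packages by URL path suffix.
EXT_PATH_RE = re.compile(r"\.(crx|xpi)$", re.IGNORECASE)

def parse_line(line):
    ts, user, _method, url, _status, referrer = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
            "url": url, "host": urlparse(url).hostname or "",
            "path": urlparse(url).path, "referrer": referrer}

def find_rogue_extension_downloads(log_text, window=timedelta(minutes=10)):
    """Return alerts for extension downloads from unapproved hosts, marking
    whether the user hit an ad-click redirect within `window` beforehand."""
    last_ad_click = {}  # user -> timestamp of most recent ad-click request
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["host"] in AD_CLICK_DOMAINS:
            last_ad_click[ev["user"]] = ev["ts"]
            continue
        if EXT_PATH_RE.search(ev["path"]) and ev["host"] not in APPROVED_EXT_HOSTS:
            seen = last_ad_click.get(ev["user"])
            alerts.append({"user": ev["user"], "url": ev["url"], "host": ev["host"],
                           "via_ad_click": seen is not None and ev["ts"] - seen <= window})
    return alerts

if __name__ == "__main__":
    for a in find_rogue_extension_downloads(SAMPLE_LOG):
        print(a)
```

Only alice's `.crx` from the unapproved promo host is flagged, and it is marked as reached via an ad click; bob's download from a sanctioned store is not.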
It’s often impossible to stop every malvertising attack. But smarter users and layered defenses can interrupt the kill chain and prevent users from ever reaching the malicious website these ads are designed to lead them to.
With our Real-Time Phishing Threat Intelligence and Targeted Phishing Defense products powered by SEER™ threat detection technology, SlashNext can integrate with leading TIPs, SIEMs, SOARs, and NGFWs to automate detection and protection against zero-hour threats from malvertising ads and help prevent the real damage from happening.
SEER (Session Emulation and Environment Reconnaissance) runs virtual browsers in a purpose-built cloud to dynamically inspect sites with advanced computer vision, OCR, NLP, and active site behavioral analysis. Machine learning enables definitive verdicts—malicious or benign—with exceptional accuracy and near-zero false positives. SEER uses virtual browsers to dynamically inspect page contents and server behavior to detect tens of thousands of new phishing URLs per day.
By blocking these straight-to-browser attacks from reaching their goal of sending victims to an infected page, the malvertising attack fails to accomplish its intended purpose. The malvertising ads, while sophisticated enough to bypass traditional security methods, become merely a nuisance once the landing page is neutralized.
SEER threat detection technology enables our products to prevent users from ever reaching the malicious websites. SlashNext detects all six major categories of phishing and social engineering threats, including:
- Credential stealing
- Phishing exploits
- Social engineering scams
- Rogue software
- Phishing callbacks (C2s)
Start a free 15-day trial of Real-Time Phishing Threat Intelligence or contact us for a demo of our Targeted Phishing Defense to see how you can protect your organization from straight-to-browser malvertising attacks.