The threat landscape is notorious for its volatility. Specific threats popular with the black hats one year might be eschewed the next, for any number of reasons. Trend Micro predicts that one of the most successful infection vectors around – malvertising – might finally be on the way out in 2016 thanks to a rise in awareness and increased availability and use of ad-blocking technology.
But beware: cybercriminals are a resilient bunch and when one door closes, another is always opened to compromise unsuspecting internet users via a different route.
The problem with malvertising
Malvertising became an increasingly popular method of spreading malware this year, as cybercriminals looked to take advantage of the sheer complexity of the online advertising economy and a lack of adequate security scanning on the part of some ad networks and platforms. By infecting just one ad network – for example a Yahoo or an AOL – they could distribute malware to potentially hundreds or thousands of sites signed up to that network, with as many as billions of monthly visitors. Increasingly they’re using obfuscation techniques to stay hidden longer.
In some cases users have to physically click on an ad to get infected. In these cases social engineering is often used to trick them into doing just that. But a more sure-fire method involves a drive-by-download whereby the user needs only to visit an infected page to begin the malware install. Considering all sites run adverts – from social networks to e-commerce sites, news hubs and more – no-one is fully safe. And it’s not just the end users who are bearing the brunt of this online epidemic. The ad networks suffer a hit to their reputation each time they’re infected, while the website owners are often blamed personally by users who got infected after visiting their pages.
Most recently, we’ve begun to see malvertising campaigns linked to infamous exploit kits like Angler to spread ransomware and other online nasties. A blog run by UK newspaper The Independent was one such site affected by a recent widespread campaign involving the TeslaCrypt ransomware.
Turning the corner
So what’s to be done? Well, we’d always advise users to run advanced anti-malware tools featuring smart sandboxing technology to detect malicious behavior. It’s also important to keep browsers and plug-ins up-to-date to lock down any risk, while file and web reputation can also block the redirection chain and detect payloads.
But another technology could force the malvertisers out of business more quickly. We predict in our latest report, The Fine Line: 2016 Trend Micro Security Predictions, that increased availability of ad-blocking capabilities in vendor products and services, combined with rising user awareness about malicious ads, will kill malvertising. Apple has included it in iOS 9 Safari, for example, and there are many more ad-blockers available in the App Store and on Google Play.
In fact, the PageFair and Adobe 2015 Ad Blocking report reveals a 41% increase in global ad blocking software use in 2015. It grew by an even greater 48% in the US to reach 45 million monthly active users in Q2.
But before we crack open the champagne, things are rarely as straightforward when it comes to the threat landscape. Cybercriminals are all about following the path of least resistance to achieve their goal of making money. In 2016 it’s likely that the malvertising path will be largely blocked off. But that will only lead to them choosing another, easier or more effective route to infect users. This could mean a spike in more traditional watering hole attacks involving drive-by-downloads from popular infected web pages. Or a rise in other threat vectors.
One thing is certain: internet users can’t afford to let their guard down in 2016, even if we can finally say “goodbye and good riddance” to malvertising.
Please add your thoughts in the comments below or follow me on Twitter; @jonlclay.