
Ad-blocking Could Kill Malvertising, but Beware the Resourceful Cybercriminal

  • Posted on: December 16, 2015
  • Posted in: Malware, Security
  • Posted by: Jon Clay (Global Threat Communications)

The threat landscape is notorious for its volatility. Specific threats popular with the black hats one year might be eschewed the next, for any number of reasons. Trend Micro predicts that one of the most successful infection vectors around – malvertising – might finally be on the way out in 2016 thanks to a rise in awareness and increased availability and use of ad-blocking technology.

But beware: cybercriminals are a resilient bunch and when one door closes, another is always opened to compromise unsuspecting internet users via a different route.

The problem with malvertising

Malvertising became an increasingly popular method of spreading malware this year, as cybercriminals looked to take advantage of the sheer complexity of the online advertising economy and a lack of adequate security scanning on the part of some ad networks and platforms. By infecting just one ad network – for example a Yahoo or an AOL – they could distribute malware to potentially hundreds or thousands of sites signed up to that network, with as many as billions of monthly visitors. Increasingly they’re using obfuscation techniques to stay hidden longer.

In some cases users have to physically click on an ad to get infected. In these cases social engineering is often used to trick them into doing just that. But a more sure-fire method involves a drive-by-download whereby the user needs only to visit an infected page to begin the malware install. Considering all sites run adverts – from social networks to e-commerce sites, news hubs and more – no-one is fully safe. And it’s not just the end users who are bearing the brunt of this online epidemic. The ad networks suffer a hit to their reputation each time they’re infected, while the website owners are often blamed personally by users who got infected after visiting their pages.

Most recently, we’ve begun to see malvertising campaigns linked to infamous exploit kits like Angler to spread ransomware and other online nasties. A blog run by UK newspaper The Independent was one such site affected by a recent widespread campaign involving the TeslaCrypt ransomware.

Turning the corner

So what’s to be done? Well, we’d always advise users to run advanced anti-malware tools featuring smart sandboxing technology to detect malicious behavior. It’s also important to keep browsers and plug-ins up-to-date to lock down any risk, while file and web reputation can also block the redirection chain and detect payloads.

But another technology could force the malvertisers out of business more quickly. We predict in our latest report, The Fine Line: 2016 Trend Micro Security Predictions, that increased availability of ad-blocking capabilities in vendor products and services, combined with rising user awareness about malicious ads, will kill malvertising. Apple has included it in iOS 9 Safari, for example, and there are many more ad-blockers available in the App Store and on Google Play.

In fact, the PageFair and Adobe 2015 Ad Blocking report reveals a 41% increase in global ad blocking software use in 2015. It grew by an even greater 48% in the US to reach 45 million monthly active users in Q2.

But before we crack open the champagne, remember that things are rarely that straightforward when it comes to the threat landscape. Cybercriminals are all about following the path of least resistance to achieve their goal of making money. In 2016 it’s likely that the malvertising path will be largely blocked off. But that will only lead to them choosing another, easier or more effective route to infect users. This could mean a spike in more traditional watering hole attacks involving drive-by-downloads from popular infected web pages. Or a rise in other threat vectors.

One thing is certain: internet users can’t afford to let their guard down in 2016, even if we can finally say “goodbye and good riddance” to malvertising.

Please add your thoughts in the comments below or follow me on Twitter: @jonlclay.
