• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Major US websites slammed by malvertising

Major US websites slammed by malvertising

  • Posted on:April 11, 2016
  • Posted in:Industry News
  • Posted by:
    Noah Gamer
0
Malvertising is affecting many big name sites.

A major malvertising campaign aimed at a list of prestigious websites has infected tens of thousands of users. Big names like the New York Times and BBC became relays for cyber attack recently, prompting many people to question the notion that malvertising campaigns compromise only those who visit less-than-reputable parts of the Web. 

Although many of these sites have eradicated the threat, this is yet another example of the steadily-increasing level of sophistication within many modern hacks. People expect their machines to be infected by sketchy websites, and as such hackers have had to change their tactics.

The Angler Exploit Kit was involved

Trend Micro researches have determined that the cyber criminals behind this attack utilized the Angler Exploit Kit in order to compromise the computers of users who visited these sites. When the victim clicked on one of the infected websites, the malvertising hidden on that site kicked in and rerouted traffic to one of two servers. One of these servers was set up with Angler, which went on to exploit vulnerabilities in certain types of software. Microsoft Silverlight and Adobe Flash are two of the most common weak points that hackers like to move through. 

Although the BBC was one of the sites involved, it would appear that U.S. users were the main target. What's more, the intensity of this attack massively affected overall Angler activity. Trend Micro observed about 8,000 instances of Angler exploits in the U.S. on March 9, 2016. By March 13, just after the campaign was initiated, this number had spiked to 18,000. 

The merger of the Angler Exploit Kit and malvertising isn't new, but it's use on such a large and far-reaching scale is indicative of hackers getting bolder in their attacks.

What does this trend mean?

While the immediate ramifications of infected computers are certainly nothing to scoff at, malvertising as a whole has consequences that go far beyond individual computers. In fact, the advertising industry as a whole is being affected by this trend. It's a trickle-down effect that begins with the actual money lost on these malicious ventures. 

Brian O'Kelley, Forbes contributor and CEO of ad technology company AppNexus, stated that malvertising is costing the advertising industry quite a lot of money. In fact, every year advertisers lose more than a $1 billion to these kinds of attacks. That's quite a large sum to lose due to such a malicious act, but it's just the beginning. 

After this, the companies that unwillingly distributed these campaigns are instantly branded as unsafe by many consumers. Cyber attacks are known for decreasing an organization's customer-facing reputation, regardless of how many precautions they take after the incident occurs. No one wants to put themselves in a cyber criminal's cross hairs, and avoiding previously infected sites is a simple way of doing so. Sadly, this only punishes sites for doing nothing wrong in the first place. 

How can users protect themselves?

Although this recent malvertising campaign is showing that even the big sites aren't safe from hackers, there are a few things users can do to mitigate the risk of infection. Again, Flash and Silverlight are pieces of software that hackers love to exploit. These systems are outdated and have a lot of holes that cyber criminals can access with the right knowledge. Using other programs is ideal where possible. 

Aside from this, users should make sure that all of their software is updated. While taking the time to download the newest version of a piece of software may seem like a waste of time, it actually does a lot to plug previous vulnerabilities. Doing so will seriously decrease the chances that an attack such as this will infect an intended victim's machine. 

Related posts:

  1. Advising You about Malvertising
  2. Ad-blocking Could Kill Malvertising, but Beware the Resourceful Cybercriminal
  3. How to deal with fake websites
  4. Ads on websites are dangerous to more than your sanity

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.