
BlackHat 2015: RiskIQ reports huge spike in malvertising

Digital ads have become the preferred method for distributing malware, according to security firm RiskIQ

Malicious advertising (malvertising) has increased by 260% in the first half of this year compared with the equivalent period in 2014, according to security firm RiskIQ.

At the same time, the number of unique malvertisements has climbed by 60%, the company revealed in a report released to coincide with the BlackHat USA 2015 security conference in Las Vegas.

Malvertising refers to criminally-controlled adverts that look legitimate but spread malware using a tiny piece of code hidden deep in the advert that connects a victim’s computer to criminal servers.

The RiskIQ report comes just a day after security firm Malwarebytes revealed that its researchers had uncovered a large-scale attack abusing Yahoo!’s own ad network that started on 28 July 2015.

“As soon as we detected the malicious activity, we notified Yahoo! and we are pleased to report that they took immediate action to stop the issue,” wrote Jerome Segura, a senior security researcher at Malwarebytes Labs. “The campaign is no longer active at the time of publishing this blog.

“According to data from SimilarWeb, Yahoo!’s website has an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently.”

The RiskIQ report is based on the firm’s daily analysis of nearly two billion publisher pages and 10 million mobile apps. It also shows that fake Adobe Flash updates have replaced fake antivirus and Java updates as the most common lure in malvertisements for tricking victims into installing malware.

The report said that in 2014 there was significantly more exploit kit activity, which silently installs malware without end-user intervention, than fake software updates, which require user consent.


“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said Elias Manousos, chief executive and co-founder of RiskIQ. 

“There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

The rise of programmatic advertising, which relies on software instead of humans to purchase digital ads, has generated unprecedented growth and introduced sophisticated targeting into digital ad networks, like Yahoo’s.

According to RiskIQ, this machine-to-machine ecosystem has also created opportunities for cyber criminals to exploit display advertising to distribute malware. For example, malicious code can be hidden within an ad, and executables can be embedded on a webpage or bundled within software downloads.
