Cyber Insiders-v8-web - Flipbook - Page 13
What is Malvertising?
M alvertising orm alicious advertising is a type of
cyberattack thathides infected code in digitalads or
links to program s posing as legitim ate softw are.It’s
problem atic because it’s hard forboth internetusers
and ad publishers to detect.These m alvertising ads
do a good job ofim personating brands dow n to the
sm allestdetails.
Typically,these ads are presented to users via
legitim ate advertising netw orks and because these
ads are often show n to allw ebsite visitors,virtually
every page visitoris atrisk.The m alw are is so w ell
m asked in a cloak oflegitim acy,users often don’t
hesitate to click.
O nce clicked the concealed m alw are w illinstallon
the user’s com puter,w here itcan stealtheirdata or
execute an exploitkitto scan the entire system for
exploitable vulnerabilities orw eaknesses.Like any
otherm alw are,itcan dam age files,m onitoruser
activity oreven establish backdooraccess points.
M alvertising attacks in an enterprise setting can
grantthreatactors a sneaky entry pointto the
organisation’s netw ork,from w here they can then
launch a m ore devastating attack.Ithas becom e
m ore ofan issue forbusinesses in the age ofrem ote
w orking.W hetherit’s to use com m unications tools,
collaboration platform s,orto access data,m ost
em ployees need to be online.
HOW CAN ORGANISATIONS PROTECT THEIR USERS AND SYSTEMS
FROM THE THREAT OF MALVERTISING?
1
Deploy ad blockers
3
In enterprise environm ents ad-blockers w hen
used in com bination w ith a w eb proxy,can
preventem ployees being exposed to m alicious
ads and barthem from accessing risky w ebsites.
Ensure thatallsoftw are and extensions,
including w eb brow sers,are up to date.It’s also
bestto ensure com pany devices avoid using
Flash orJava w here possible and notperm it
these program s to run autom atically w hile
users are online.Ifad-blockers are deployed,
they should be updating autom atically to
dow nload the latestversions ofblocklists.
As a basic safety precaution againstm alvertising,
businesses should ensure thatapproved and
vetted ad-blocking softw are is enabled on all
the devices they issue to theirem ployees.
2
Provide cybersecurity training to
your employees
G ood cyberhygiene and training is key
to stopping em ployees from accidentally
unleashing m alw are on yoursystem s.
Em ployees should be m ade aw are ofyour
com pany’s softw are policies and alertthem
to the prevalence ofthese adversary tactics.
C YBER IN SID ERS M AG AZIN E - Vol.2
Keep software up to date & digital
environments well maintained
4
Deploy or configure a web proxy
that can block malicious domains
or web content
A w eb proxy serveris a system thatprovides
a gatew ay betw een users and the w eb.W eb
traffic proxies encryptyourw eb requests to
protectthem from prying eyes and can help
protectyourbusiness com m unications.Proxy
servers also w ork to preventintrusions from
orconnections to know n m alw are sites and
can flag potentialissues caused by users’w eb
brow sing and unsafe content.
Page
|
13