Nucleus Networks Blog

Protect your Business from Malvertising

Written by Nucleus Networks | Aug 27, 2024 6:53:53 PM

Malware, short for “malicious software,” refers to any software intentionally designed to cause damage to a computer, server, client, or computer network. Malicious advertising, known as malvertising, is the evil twin of online advertising. Its ads might appear legitimate but actually direct people to harmful sites that distribute viruses and malware or steal credentials. Here are some helpful tips on what it is, how it works and how to protect your business from malvertising.

Why It Matters and How it Works

An ad may seem safe since it appears on a legitimate website or came up in search engine results. However, like any business, cybercriminals have budgets and spend money to make money. Some of that goes to advertising, as a way to scale their criminal enterprise. Cybercriminals buy ad space on advertising networks, which then present the ads on trustworthy mainstream websites and search engines. In fact, the ad might even say that it's for a legit brand but direct users elsewhere. Their goals are to get an unsuspecting victim to give up sensitive information that can be sold to other cybercriminals, or to install malicious software to initiate a money scam.

Attacks often occur in multiple stages and can be very difficult to defend against with security tools alone. For instance, a bad actor creates a realistic-looking message that tells you to contact “tech support.” The number it gives goes to a scam call center where a real person tells you to install their remote control software. Then they are in and have full control of your device!

Remote Control Tools Weaponized

Your IT vendor or team may use remote control software for legitimate purposes. Unfortunately, bad actors have turned to those tools as well. Installing that software gives them permission to control your device. They can steal secrets, install malware, and might even be able to access other devices on your network, like a coworker’s computer or business-critical servers.

In 2023, researchers at eSentire noticed that the BlackCat ransomware group was launching Google Ad-based malvertising campaigns in an effort to find a way into corporate networks. The attackers used paid adverts for software such as Slack, Advanced IP Scanner, WinSCP and Cisco AnyConnect to convince corporate users to click on download links. Business users who did click the links had the Nitrogen malware downloaded onto their machines. Once in place, Nitrogen paves the way for the launch of BlackCat ransomware.

How Malvertising Impacts a Business

Malvertising can have a devastating impact on your business. Here are some of the most common consequences of a successful attack:

Reputation Damage: If a business's website displays malvertisements (malicious advertisements), it can harm the business's reputation. Customers may lose trust in the company, believing the site is unsafe or that the company does not care about security.

Financial Loss: Businesses may face financial repercussions, including fines or legal fees if they are found responsible for distributing malware. Additionally, the costs associated with cleaning up after a malvertising attack, such as IT support and system recovery, can be significant.

Loss of Customer Data: Some malvertising attacks aim to steal sensitive customer information, such as personal details, login credentials, and payment information. This can lead to data breaches, which are costly in terms of both remediation and the potential loss of customers.

Operational Disruption: Malvertising can lead to disruptions in a business's operations. For example, malware might disable key systems or encrypt important data, resulting in downtime and lost productivity.

Legal Liability: Companies that fail to protect their users adequately might face legal consequences. This could include lawsuits from affected customers or penalties from regulatory bodies for failing to comply with data protection laws.

What to Look for

As malvertising becomes increasingly common, it’s important to know where and what to look for when browsing the internet. Watch out for ads on look-alike domains, or ones that promote unrealistic promises, create a sense of urgency, or have spelling and grammatical errors. Here are some other tips to keep your business safe:

Check the URL: Always check where the ad's URL goes, even though it might look safe. Simply hover over the link first. Also, malicious landing pages can look like a legit site, so be sure to verify that it's the actual website you intended to visit.

Never Install Software: Don't install anything unless your IT vendor or team has instructed or approved it. If prompted to install something, contact IT first to check if it’s safe or high risk – especially if the person you’re speaking to is being pushy or creating a sense of urgency.

Keep Software Up-to-Date: To prevent your computer from being hijacked, keep your software up-to-date with the latest security patches. A Managed Service Provider (MSP) can help with this!

Security Awareness Training: Offer employees ongoing security awareness training to educate them on how to use caution when browsing the web, and be suspicious of advertisements that ask for personal information or that distribute software.

Incident Response Plans: If a compromise is suspected, contact your IT partner or team right away. They will have an incident response plan in place which could include capturing forensic data and working with third parties, like your cybersecurity insurance providers. It’s best to reach out to them as soon as possible.
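For IT teams, the "Check the URL" tip can be applied in bulk to ad-click destinations pulled from proxy or DNS logs. The sketch below is an added example, not Nucleus Networks code; the approved-domain list, the similarity threshold and the sample URLs are assumptions to adjust for your environment.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: vendor domains for the software named in the article; replace
# with your organisation's own approved download sources.
OFFICIAL = ("slack.com", "winscp.net", "advanced-ip-scanner.com", "cisco.com")
# Digit-for-letter swaps often seen in look-alike names (0->o, 1->l, ...).
SWAPS = str.maketrans("013457", "oleast")
BRANDS = [d.split(".")[0].replace("-", "") for d in OFFICIAL]


def classify(url):
    """Return 'official', 'lookalike', 'unlisted' or 'invalid' for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Official only if the host IS an approved domain or a subdomain of it;
    # "slack.com.cdn.example" merely starts with one and does not qualify.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Text before "@" is userinfo, not the host, but it is displayed first,
    # so check it for brand names as well.
    labels = host.split(".") + (parts.username or "").lower().split(".")
    for label in labels:
        norm = label.translate(SWAPS).replace("-", "")
        for brand in BRANDS:
            close = SequenceMatcher(None, norm, brand).ratio() >= 0.8
            if brand in norm or close:
                return "lookalike"
    return "unlisted"


# Constructed sample destinations using reserved .example names.
SAMPLES = [
    "https://slack.com/downloads/windows",
    "https://winscp-download.example/setup",
    "https://s1ack.example/get",
    "https://slack.com.cdn.example/app",
    "https://slack.com@files.example/setup",
    "https://news.example/article",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

A "lookalike" result is a prompt for review rather than a verdict, since an unrelated name that happens to contain a brand string will also match.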

Attackers are always looking for ways to get around security tools, and they only have to be right once to succeed in an attack. Just because your security tools haven’t flagged something as malicious doesn't mean it's safe. Employees are the first and last line of defense. By partnering with an MSP, you can get the help you need to prevent malvertising at your business. Reach out to us to learn more about our Managed Security Services.