Evolving Malvertising Threats: How Cybercriminals Are Exploiting Online Ads
Dan D'Augelli, MS
Helping organizations make their cybersecurity a catalyst for transformation
A simple online search can lead to more than just information: it could expose you to the latest trend in cybercrime, malvertising. What was once a nuisance has now become a significant threat, with cybercriminals deploying increasingly sophisticated schemes to deceive consumers and corporate employees alike.
Recent data highlights this alarming rise in malvertising incidents. Cybersecurity firm Malwarebytes reported a 42% increase in malvertising campaigns in the U.S. this year alone, targeting not only everyday internet users but also businesses. The implications are clear: malvertising is no longer just about duping the average user; it's now a gateway for sophisticated cyberattacks, capable of breaching corporate defenses.
A growing threat: malvertising's new tactics
Malvertising, or malicious advertising, involves cybercriminals embedding malware or phishing traps in online ads. These can appear as seemingly legitimate sponsored ads on search engines like Google or as banners on trusted websites. What makes today's malvertising particularly dangerous is the level of sophistication attackers are employing.
One of the most concerning trends is the increase in corporate-targeted malvertising. Hackers are exploiting employees' trust in their workplace tools and portals by running official-looking ads that lead to phishing pages. For instance, in a recent case, a Google ad posed as a legitimate Lowe's employee portal, luring staff to a fake login page that could harvest credentials. Similarly, ads mimicking well-known corporate tools like Slack have been reported, where the initial click appears harmless but later steps encourage users to download malicious software. Sponsored ads placed against popular search keywords such as Apple or Microsoft Support are likewise used to trick consumers into clicking malicious advertisements.
These examples demonstrate how malvertising can infiltrate corporate environments, bypassing traditional security filters that might not flag an ad served through a trusted search engine or site.
Search engines: a gateway for cybercriminals
One of the key reasons malvertising is thriving is that many users implicitly trust the ads they encounter on major search engines. A Google search is routine for most of us, and when we see a sponsored link at the top of the results, we naturally assume it's safe. But that's no longer a reliable assumption.
Cybercriminals have become adept at creating ads that look indistinguishable from those of legitimate companies. These ads are often approved by ad networks before being caught, if ever, leaving a window of opportunity for hackers to ensnare unsuspecting users. It's important to note that this issue is not limited to Google. Search engines such as Microsoft's Bing and even ads served through social media platforms are similarly exploited.
To protect against these threats, users should practice extra vigilance. One key tip is to avoid clicking on sponsored ads altogether, although that can be hard to follow in practice. The first organic link under the ad is often the legitimate site you're seeking, and it's less likely to be a target of cybercriminals.
Corporate employees: the new target for malvertising
The corporate sector has become a prime target for malvertising campaigns, with attackers focusing on internal portals and widely used business tools. Employees, especially those working remotely, are frequently targeted because they often use search engines to access internal sites or tools. With a quick glance, an employee might mistake a well-crafted malicious ad for an internal login page, exposing the company to phishing attacks or malware.
A key example of this is the fake Lowe's employee portal, where an ad led users to a phishing site designed to harvest credentials. Many employees aren't familiar with the exact URLs of their company's internal portals, making them more susceptible to these traps. The damage from such attacks can extend beyond individual employees, as they provide cybercriminals with an entry point into corporate systems.
To combat these threats, companies must invest in robust security awareness training. Employees should be trained to double-check URLs before clicking on any search ad, especially for internal tools, and to report suspicious ads immediately.
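One way to back that URL check up on the defender side, as an added example that is not from the article: classify the landing host of each search-engine click in a proxy log against an allowlist of the real portal hostnames and flag brand lookalikes for review. The company domain example-corp.com, the allowlist and the log lines are all constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed allowlist: real hostnames of internal portals and business tools,
# mapped to a brand token. "example-corp.com" is hypothetical, not from the article.
LEGIT_HOSTS = {
    "portal.example-corp.com": "example-corp",
    "sso.example-corp.com": "example-corp",
    "slack.com": "slack",
    "app.slack.com": "slack",
}

def _registered_part(host: str) -> str:
    """Crude registered-domain guess (last two labels); fine for the demo data."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def classify_landing(url: str) -> str:
    """'legit' = listed host or subdomain of one; 'lookalike' = host mentions
    a protected brand (e.g. slack-download.example.net) but is not legit."""
    host = (urlparse(url).hostname or "").lower()
    if _registered_part(host) in {_registered_part(h) for h in LEGIT_HOSTS}:
        return "legit"
    squashed = host.replace("-", "").replace(".", "")
    if any(b.replace("-", "") in squashed for b in set(LEGIT_HOSTS.values())):
        return "lookalike"
    return "unknown"

def triage(log_lines):
    """Return (user, url) for clicks that came from a search engine and landed
    on a lookalike. Each constructed log line is 'user referrer landing_url'."""
    hits = []
    for line in log_lines:
        user, referrer, url = line.split()
        ref_labels = (urlparse(referrer).hostname or "").lower().split(".")
        from_search = any(lbl in ("google", "bing") for lbl in ref_labels)
        if from_search and classify_landing(url) == "lookalike":
            hits.append((user, url))
    return hits

# Constructed proxy log sample: bob and carol followed search ads to lookalikes.
SAMPLE_LOG = [
    "alice https://www.google.com/ https://portal.example-corp.com/login",
    "bob https://www.google.com/ https://example-corp-portal.login-help.net/",
    "carol https://www.bing.com/ https://slack-download.example.net/",
    "dave https://news.example.org/ https://app.slack.com/client",
]
```

The brand-token match is deliberately loose so that hyphenated and multi-label lookalikes are caught; in production the allowlist and the search-engine referrer check would come from the proxy's own categorisation rather than hard-coded labels.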
Protecting yourself and your organization: best practices
As malvertising becomes more sophisticated and prominent, CISA.gov has published helpful tips to consider. However, organizations need a more comprehensive approach. Here are key steps to protect against corporate-targeted malvertising:
Vigilance in the face of a growing threat
Malvertising may not be new, but its resurgence and increasing sophistication make it a serious threat to both consumers and businesses. As cybercriminals find new ways to exploit online ads, it's crucial for everyone—from individuals to corporate security teams—to stay vigilant and take proactive steps to protect against these attacks.
By following basic precautions, educating employees, and using the right security tools, both individuals and companies can reduce the risk of falling prey to malvertising schemes. In today's digital world, the simple act of clicking on an ad could be the first step in a cyberattack—don't let it be yours.
Source: SecureWorld | Kenneth Moras