A new internet hazard has manifested itself with a level of obnoxiousness and inconvenience that is remarkable, and considering the field of competition, that’s really saying something.
The hazard in question is called malvertising, and it’s as bad as it sounds. No, it’s worse. Fortunately, there are measures that you can take to protect yourself and your business from this destructive nuisance.
But First, A Definition
The word “malvertising”, depending on who you talk to, is a combination of either “malicious” or “malware” and the word “advertising”. Mundane, harmless online advertising already has plenty of potential to be annoying, but malware is annoying AND destructive.
Malvertising happens when hackers embed their malware, in the form of ads, on what are otherwise considered safe and reputable sites. Maybe the ad is a fake software update or a bogus new antivirus program. Whatever form it takes, the malvertising plants the infection, leaving the user and system vulnerable to further breaches and calamities such as identity fraud.
As if this weren’t bad enough, users don’t even have to click on the ad. In what’s called a “drive-by download,” the victim gets infected just by loading the web page. The malicious ad carries links hidden in its code, which make the browser fetch software from malicious web pages, all without the user being any the wiser.
So no, simply not clicking on these ads is not an adequate defense. Scary, isn’t it?
How Can This Happen?
According to the article “Introducing The New Enemy Of Your Secure Network: Malvertising”, this particular plague is possible because of advertisement distribution. Reputable websites often use third-party ad servers, and if those servers get compromised with an ad that has hidden code, the customer site ends up hosting a malvertisement.
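Added example, not part of the original article: a short Python audit that lists the third-party hosts a page loads scripts, frames and plug-in content from, which is the ad-distribution path described above, and marks any host that is not on an approved list. The function names, host names and sample page are all made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch and run or render remote content.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class ActiveContentCollector(HTMLParser):
    """Collects the URLs of scripts, frames and plug-in content in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and protocol-relative (//host/path) URLs.
            self.found.append((tag, urljoin(self.page_url, value)))


def third_party_hosts(page_url, html, approved=()):
    """Map each third-party host to the tags it serves and whether it is approved."""
    site = urlparse(page_url).hostname
    collector = ActiveContentCollector(page_url)
    collector.feed(html)
    report = {}
    for tag, url in collector.found:
        host = urlparse(url).hostname
        if host is None or host == site or host.endswith("." + site):
            continue  # first-party content served by the site itself
        entry = report.setdefault(host, {"tags": set(), "approved": host in approved})
        entry["tags"].add(tag)
    return report


# Constructed sample page; every host name is invented (.example is a reserved TLD).
SAMPLE_HTML = """
<script src="/static/site.js"></script>
<script src="//ads.adnetwork.example/serve.js"></script>
<iframe src="https://cdn.unknown-ads.example/banner.html"></iframe>
<script src="https://static.news.example/app.js"></script>
"""

if __name__ == "__main__":
    approved = {"ads.adnetwork.example"}  # assumed list of vetted ad servers
    result = third_party_hosts("https://news.example/", SAMPLE_HTML, approved)
    for host, info in sorted(result.items()):
        print(host, sorted(info["tags"]), "approved" if info["approved"] else "REVIEW")
```

Run against your own site’s pages, the hosts marked REVIEW are third parties whose content your visitors’ browsers load without anyone having vetted them.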
What Can Be Done About Malvertising?
If you have your own business or are working in the IT department of a larger company, the issue of malvertising is going to be near and dear to your heart. If this trend continues, it’s a problem that you’re going to have to face a lot more often. Here are some steps you can take to mitigate the threat.
Adopt A BYOD Policy With Teeth. If your firm allows employees to bring their own devices, make sure that there’s a coherent policy in place, and that everyone is abiding by it. The BYOD policy should mention malvertising and warn against things like “fat-finger syndrome”, which is what happens when mobile users accidentally hit an unwanted link, usually for an ad. Naturally, clicking on ad banners and visiting questionable sites should be strongly discouraged.
Educate People On The Most Common Points Of Entry. Malvertising manifests itself most often through pop-up ads (especially for obscure or shady products like bogus media players), banner ads, and third-party advertisements. Users at your business should be made aware of these, and be discouraged from clicking on them when using work computers.
Make Sure Everything Is Updated And Current. If all of the systems in your company use the same web browser and employ the same firewall security bundle, make sure that they are all up to date and running the latest versions.
Consider Ad-Blocking Plug-Ins. Although this can potentially put a dent in the revenue from legitimate ads, this measure may be needed if the problem has grown out of control. Many web browsers have ad-blocking plug-ins available, and it may come to this.
Unfortunately, no set of security measures can provide you with 100% infallible protection. But that doesn’t mean you can’t at least make things a lot tougher for the hackers out there.