Several prominent news outlets, including BBC, MSN, AOL, and the New York Times, have fallen victim to a series of malicious ads that attempt to impose malware onto the sites’ visitors.

According to Malwarebytes, other sites with similar coordinated malware attacks include sites like Newsweek, TheWeatherNetwork, and NFL.com.

While the total number of individuals impacted by these attacks is currently unknown, it has been said that some of the larger websites attacked have over 100 million visitors a month, leading experts to believe a campaign of this nature is likely exposing tens of thousands of site visitors over the past 24 hours alone.

Cyber criminals appear to be targeting high-traffic, trusted sites looking to trick site visitors to click on what’re generally trusted ads.

Malvertising occurs when cyber criminals create ads that appear legit, but in reality, the ad spreads malware throughout your entire computer by hiding a small piece of code deep in the script. Once the ads clicked, the computer is connected to the criminals’ servers, and the malware is downloaded.

This type of attack has grown in popularity over the past few years, with research from RiskIQ indicating a 300% increase between 2014 and 2015. This type of attack is relatively easy to execute and allows for even the most immature hackers to infect your systems. To date, the most common disguise in malvertising has been fake Flash updates.

These cyber criminals are also employing harmful ads to trick surfers to click on links and install ransomware, an increasingly profitable attack type that has been exceedingly affecting web users. In fact, a report released by Intel found that ransomware increased by 127% in the last year alone.

In 2015, malvertising gained popularity amongst cyber criminals as a common method for ransomware distribution, falling just behind that of phishing scams. This means of attack can strike at any time and is often placed into click-baiting articles on popular websites. Essentially, a user clicks on a video, article, etc., and suddenly becomes confronted with a screen stating all your files, photos, and encrypted data have been one-way encrypted and will be held ransom until a ransom fee is paid.

This newest malvertising campaign strategically avoids systems with common security software, and the malware itself requires weak versions of software to exploit. To that end, it’s important than web users maintain basic security hygiene and install security updates to better protect you.

From an enterprise standpoint, reliable threat intelligence needs to be implemented to disturb any malware that enters the arena. It’s important to implement a layered security approach to your IT estate, and by working with NNT, your organization will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your IT environment against today’s ever-evolving threat landscape.

With NNT's Change Tracker Gen7, your organization will come equipped with File Integrity Monitoring, compliance management, system hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible.

 

Read this article on InfoSecurity Magazine

 

 

 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.