Malvertising is back. 4 quick tips to keep in mind.

It’s safe to assume that most people naturally trust popular websites.  They expect their visit to be free of viruses, bugs, and other forms of malware.  And for the most part, this is usually how things play out.

For example, you could go from Target to Amazon to Business Insider and never think twice about the security implications.  These guys want you to come back to their site, and they have the money, understanding, and resources required to provide consumers with a secure browsing experience.  So of course, why would you ever think twice about anything other than what you put inside your shopping cart?

Exactly.  Except… this exactly isn’t so ‘exactly’ anymore.  And remember how up above we said this is usually how things play out?  Yeah, that’s probably an important piece to note.

Just within the last month, popular sites like PerezHilton and Google’s Blogger have been hit with yet another wave of Malvertising.  We say ‘yet another’ because it legitimately feels like the online world has been ruthlessly tsunami-ed over and over again by Malvertising for the last two years straight.

From the Daily Mail to New York Times to NFL.com, a ton of major websites have become victims of Malvertising, and each attack has negatively impacted trust in the online world.  Just look at the latest wave.  PerezHilton, with nearly 500,000 visitors a day, potentially subjected millions of people to the Angler exploit kit.  And since Malvertising is incredibly sneaky, these unfortunate visitors didn’t really have to do much to be infected with ransomware.  All it ever really takes is one click – accidental or not.

In case you’re a little lost, Malvertising is orchestrated through online ads.  The ad space is purchased under false pretenses: the hackers create a legitimate-looking ad and then place malicious code inside it.  Depending on the skill of the hackers and the desired end result, infection can play out in a variety of ways.

You could potentially be infected just by visiting the website – which means you don’t need to click on anything to be infected… which is entirely frightening.  The malicious ad probes your browser for vulnerabilities it can exploit.  If a vulnerability is found, the hacker can use this hole to infect your system with malware.

If you do happen to click on the corrupt ad, the end result in this case is usually ransomware – which is malware that locks your data.  If this fate befalls you, then you’ll have to pay a fee to gain access to the decryption key that will unlock your data.  This whole process is entirely unpleasant, and ransomware is usually difficult (if not impossible) for an IT company to remove.  In other words, you should avoid Malvertising at all costs.

Here are a few quick tips on how to avoid Malvertising, ransomware, and all that other stuff in-between.

Keep everything up-to-date.

If you have no vulnerabilities, then your chances of contracting malware are relatively slim.  Keep your browser, software, and OS up-to-date at all times.

Stay away from sketchy websites.

The more established the website is, the better off you should be.  Although this is not always the case (as we have already discussed), your infection rate should still be considerably lower.

Use a layered security solution.

If you have nothing in place, then you will get no protection.  It’s really that simple.  Implement a layered security solution and make sure it’s proactive, modern, and strategic.

Adjust your browser settings.

Get to know your browser’s security settings.  Don’t just assume they’re good to go, because odds are they aren’t.  And it’s highly recommended to enable “click-to-run” so that Flash ads don’t play automatically.

If you’d like any additional tips on how to avoid Malvertising, reach out to us.  We’d be happy to give you some pointers.