Malwarebytes researchers recently came across a malvertising attack on the dating site PlentyofFish (POF.com), which boasts more than 3 million active daily users.
The malicious ads, according to Malwarebytes senior security researcher Jerome Segura, go through multiple redirects using the Google URL shortener goo.gl before loading the Nuclear exploit kit. “While we see this mechanism quite frequently within our telemetry, it is particularly difficult to reproduce it in a lab environment,” Segura wrote in a blog post detailing the attack.
Menlo Security CTO Kowsik Guruswamy told eSecurity Planet by email that despite a steady increase in the number of malvertising attacks, the recommendations seem to remain the same: just patch your systems and keep your anti-virus solution updated.
“But keeping systems patched and AV updated doesn’t protect against zero-day attacks, and given the rate at which new zero-days are being introduced, we’re going to have to look for more innovative ways to protect ourselves,” Guruswamy said.
And according to a Cyphort Labs report released today entitled “The Rise of Malvertising,” the number of malvertising attacks carried out by hackers increased by 325 percent in the past year.
“Malvertising is likely to become the most favorable vector for cyber criminals to conduct sophisticated drive-by attacks on Internet users with some degree of selective targeting,” the report states. “For example, they can choose hosting sites to target victims by industries and interest groups; they can further select individuals by geo locations and client machine types, and so on. These allow them to be selective in targeting and be stealthy against common detection tools.”
“Combating malvertising requires vigilance and best practices from all parties involved, the Web property owners (hosting sites), ad networks, and Web surfers,” the report adds. “Only a secure ecosystem can provide a sustainable and safer cyber space.”
The report suggests taking the following steps to fight malvertising attacks:
- Advertising networks should use continuous monitoring that utilizes automated systems for repeated checking for malicious ads.
- Scans should occur early and often, picking up changes in the complete advertising chains instead of just ad creatives.
- Ad networks should leverage the latest security intelligence to power their monitoring systems to stay up to date with global threats.
- Individuals should avoid “blind” surfing to reduce their exposure to drive-by infection. Keeping your computer system and security software patched … will go a long way in protecting you when you do have to venture in the “dark night.”
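
The recommendation to scan complete advertising chains rather than only ad creatives can be illustrated with a small check. This is an added example, not code from the Cyphort report or Malwarebytes; the record layout, function names and all URLs are constructed assumptions, with goo.gl listed as a shortener because the article names it.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated as URL shorteners (goo.gl is the one named in the article).
SHORTENER_HOSTS = {"goo.gl"}

def hosts(chain):
    """Ordered lowercase hostnames for each hop of a recorded redirect chain."""
    return [urlsplit(url).hostname or "" for url in chain]

def diff_chain(baseline, current):
    """Findings for how a redirect chain changed between two scans of one ad slot."""
    base, cur = hosts(baseline), hosts(current)
    findings = [f"new host in chain: {h}"
                for h in dict.fromkeys(cur) if h not in base]
    base_short = sum(h in SHORTENER_HOSTS for h in base)
    cur_short = sum(h in SHORTENER_HOSTS for h in cur)
    if cur_short > base_short:
        findings.append(f"shortener hops: {base_short} -> {cur_short}")
    if base[-1:] != cur[-1:]:
        old, new = (base or ["<none>"])[-1], (cur or ["<none>"])[-1]
        findings.append(f"landing host changed: {old} -> {new}")
    return findings

def compare_scans(baseline, current):
    """Compare a creative-only check with a full-chain check for the same slot."""
    return {
        "creative_changed": baseline["creative_sha256"] != current["creative_sha256"],
        "chain_findings": diff_chain(baseline["chain"], current["chain"]),
    }

# Constructed scan records: the creative is byte-identical, only the chain differs.
BASELINE = {
    "creative_sha256": "aa" * 32,
    "chain": ["https://ads.example.net/serve?slot=1",
              "https://cdn.example.net/banner.html",
              "https://shop.example.com/offer"],
}
CURRENT = {
    "creative_sha256": "aa" * 32,
    "chain": ["https://ads.example.net/serve?slot=1",
              "https://goo.gl/CONSTRUCTED1",
              "https://goo.gl/CONSTRUCTED2",
              "https://landing.example.org/"],
}

if __name__ == "__main__":
    result = compare_scans(BASELINE, CURRENT)
    print("creative changed:", result["creative_changed"])
    for finding in result["chain_findings"]:
        print("chain:", finding)
```

A monitor that hashes only the creative reports no change for these two records, while the chain comparison reports the new hosts, the added shortener hops and the different landing host.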