Did you know that a malicious advertisement could look exactly the same as a legitimate one?
Malware is constantly changing as cybercriminals look for new methods to wreak havoc on website owners and visitors. One of their main tactics is malvertising — tricking visitors into downloading malware disguised as online ads — which can cause problems for both your business and customers. Cybercriminals carry out malvertising cyberattacks in two ways: They either inject malicious code into legitimate digital ads, or they create fake ads and distribute them through ad networks.
It’s easy for an end-user to fall victim to a malvertising attack. Because these devious ads have the same look and feel as legitimate ones, the illicit ads can slip by security checks during the approval process. Once someone clicks the infected ad, it starts a malicious download process and ultimately infects the user’s computer.
Cybercriminals also deploy malvertising attacks through the “drive-by download” tactic. With this method, users’ computers are infected as soon as the ad loads from the offending website — all without clicking on anything.
How Malvertising Can Affect Your Business
Malvertising can affect small businesses in a variety of ways. Employees might unintentionally download malware on a company computer, thereby granting cybercriminals access to sensitive company data. An attack like this could have severe consequences, including ransomware attacks.
Additionally, customers could click on a malicious ad featured on your website and infect their computers. This type of malvertising breach can damage your business’s reputation, erode customer trust and limit future revenue.
Malvertising is an increasingly popular tactic for cybercriminals — some estimate that as many as 1 in 100 ads are malicious or disruptive. Online ads are so ubiquitous that users don’t think twice about clicking on them while casually browsing. A cybercriminal group known as ScamClub was able to leverage this tendency last year to overtake more than 300 million browser sessions using fake ads.
How to Protect Your Business From Malvertising
Malvertising is widespread, and cybercriminals are skilled at evading detection. It’s imperative that you take proper measures now to protect your website and its visitors. The following four steps can help:
1. Choose your ad networks carefully.
Malvertising is more likely to end up on ad networks with lax security standards and poor monitoring practices. When choosing an ad network, consider only reputable and Google-certified options. You can also review each network’s client list or website to see if it works with any well-known companies. Vetting partners might not prevent malvertising completely, but it can help reduce the risk.
2. Implement a content security policy.
A content security policy, or CSP, can control which domains are able to host content on your website. It will prevent unauthorized scripts from running, which means users won’t unknowingly download malware from your site. Google’s guide can help you understand what a CSP is and how to implement one.
3. Practice security and awareness training.
Educated employees are valuable assets within your business because they can act like human firewalls. You can curb future attacks by training your employees to identify the signs of malvertising. You’ll also want to explain the consequences of malvertising, which should encourage everyone to prevent the infection of company devices and avoid phishing and ransomware attacks.
4. Maintain your local machines.
between malicious and legitimate ads is challenging, but finding and removing malvertising is even
harder. Maintaining proper security hygiene on your local machines is a great
way to protect your site and visitors before any damage is done.
Install anti-virus software on local machines to identify and block malvertising attacks. Then, remove browser plug-ins and make sure the operating system is updated on each machine. It’s also a good idea to install ad-blocking software on company computers to reduce the risk of employees clicking on malicious ads.
As malvertising becomes increasingly popular among cybercriminals, small businesses must take a proactive approach to prevent these attacks. Follow the steps above to vet your ad network, implement a content security policy, educate employees and maintain your website and company devices. This approach will give you the best shot at preventing malvertising attacks and the harmful impact they can have on your site and customers.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps and access to a massive global dataset makes the company a leading innovator in web security.