KnowBe4 issued a statement over the weekend warning IT managers of a new blast of ransomware infections caused by malvertising that misuses the publishing network Adspirit.de. This network is used by companies such as Drudgereport.com, Weather.com and wunderground.com, and the malvertising has apparently spread to eBay and AOL.com, sites visited by millions of users, according to security researchers at Malwarebytes as reported by SC Magazine.
According to KnowBe4 CEO Stu Sjouwerman, “The same cybercrime lowlifes that infected the Yahoo website a few weeks ago have struck again, and were serving poisoned web ads which either dropped CryptoWall ransomware or infected the PC with adware.”
Most employees who browse the web during the day or over lunch do not understand the mechanics of modern ad networks. Once an ad network is subverted, hundreds of millions of poisoned ads are displayed in real time. Many of these ads initiate a drive-by attack without the user having to do anything. The attack performs a few redirects, then triggers a U.S.- and Canada-focused exploit kit, which checks for vulnerabilities (usually in Flash) and infects the workstation literally in seconds.
According to Sjouwerman, this is a hard one to defend against, because it can be hidden behind an SSL connection to Microsoft’s Azure Cloud, making it difficult to detect. Cybercriminals attempt to fool the ad network into thinking they are a legitimate advertiser, but the ads that are displayed on major websites are poisoned. Simply browsing to a page with a poisoned ad on it is enough to run the risk that a PC will be encrypted with ransomware, which costs an average of $500 to get files back.
Sjouwerman encourages IT managers to warn their staff and help them understand how such ad poisoning works so users are protected in any type of environment. Sjouwerman further advises, “First, disable Adobe Flash on your computer – or at least set the Adobe Flash plug-in to ‘click-to-play’ mode – which blocks the automatic infections. Second, keep up-to-date with all the security patches and install them as soon as they come out. Third, download and install Ad Blocker plug-ins for your browser; these prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular; hundreds of millions of people use them.
“In an organization’s network, you could: 1) Get rid of Flash altogether, or 2) Deploy ad blockers using group policy. There are free solutions such as Adblock Plus in Chrome which work well and can help protect a network.”
For more information visit: www.knowbe4.com