Sites with a collective monthly readership of over 2.4 billion have been spotted playing host to unwanted guests, namely ads which send visitors to sites that host the Angler exploit kit. Oh dear.
The subsequent malware infections could have dire consequences for end users, who may find their files being held to ransom, having been encrypted by hackers who won’t decrypt the files unless they’re paid a certain amount of Bitcoins. Reports so far tell us that Cerber has been the most popular piece of ransomware to be distributed by this malvertising campaign.
Tens of thousands may have been infected, with Trend Micro, Trustwave and Malwarebytes having all come across instances of the campaign. Affected networks included those owned by Google, AppNexus, AOL, and Rubicon. The attacks are flowing from two suspicious domains, including trackmytraffic[.]biz and talk915[.]pw.
We spoke to Fraser Kyne, Principal Systems Engineer at Bromium, who told us that malvertising is effective because hackers can focus on certain demographics to maximise their success, and can co-ordinate these attacks to achieve tremendous volume. Ransomware is such a big problem at the moment because “the online advertising model is such that ad networks simply cannot verify the validity of each and every advertisement it serves, which ultimately passes the cost of security onto security teams. Most of these adverts are Flash, basically enabling complicated things to be done within the environment of the webpage and really rely on the very fragile security of the Flash, the Flash engine and the browser. With this level and amount of code, and the complexity of it, it is very challenging to secure”, explained Kyne.