Criminals continue to infect millions of
consumers by exploiting programmatic ads despite the efforts of some publishers
and platform providers that use blockers
to help prevent bad ads from souring user experience. However, The Media Trust has
discovered that cybercriminals have found new ways to bypass those blocker
defense solutions and execute their malicious code, while staying under the
radar of security teams.
These commercial blocking
solutions use scripts designed to detect and obstruct malicious domains and are
often installed in a content delivery network. Researchers found that ad
blockers might not be the complete solution to the malvertising problem.
“Recently, The Media Trust Digital
Security & Operations (DSO) team prevented bad ads from executing on a
publisher’s website, protecting their audience of 900,000 per week from
infection,” Chris Olson, CEO, The Media Trust wrote in a blog post.
Despite the client’s use of
malware blocking solutions, malware slipped through the blocker’s cracks in
“dq6375rwn2aoi.cloudfront.net,” a known malicious domain. “It was
disguised in a cloak of additional code that made it unrecognizable and
unreadable, a process called obfuscation."
Malvertising drives up the costs of the
US digital marketing, media and advertising industry by more than
$8bn each year, according to our separate email
interview with Olson. “Not surprisingly, many companies have turned
to products that promise a quick fix, and blocking solutions are one example.
“No sooner than these
solutions hit the market do bad actors begin stepping up their game with
malware that can work around them and persist, often to conduct a multi-phased
attack. One technique used in about 90% of mobile redirects is obfuscation –
padding malware code with more code so blockers can’t recognize it. When
malware is obfuscated, blockers fail to detect and thwart them.”
The Media Trust found that
another deterrent to many blockers’ effectiveness is the lag between the time
that new malware hits the ecosystem and the time that blocker data is updated,
which is on average about every three to five days. “If a new attack occurs
every 30 seconds, at least 8,000 attacks occur between updates. A single attack
can infect from one to millions of victims.”
No comments:
Post a Comment