SME Times is powered by   
Search News
Just in:   • RBI hikes interest rates on NRI foreign currency deposits  • RBI raises limit of collateral-free agriculture loans to Rs 2 lakh  • CRR cut to support growth, repo rate decision on expected lines: Industry  • Bhutan King arrives in New Delhi for two-day official visit  • Kejriwal accepts Delhi Assembly Speaker Goel's request for retirement from electoral politics 
Last updated: 07 Jun, 2016  

nilesh-jain-trend-microTHMB.jpg What happens when online ads attack: Malvertising?

fa07062016.jpg
   Top Stories
» RBI hikes interest rates on NRI foreign currency deposits
» CRR cut to support growth, repo rate decision on expected lines: Industry
» 1.45 crore register under PM’s rooftop solar scheme, 6.34 lakh panels installed
» Govt plans to invest Rs 1.08 lakh crore in new tunnel projects: Nitin Gadkari
» I-T Dept imposes penalties worth Rs 1.41 crore for GST violations in Kashmir
Nilesh Jain | 02 Jun, 2016
Google defines 'Malvertising', a term coined from the combination two words, malicious and advertising, as - the use of online advertising to spread malware.  Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

Delving deeper into Malvertising

This is yet another form of cyber-attack gaining prominence in the realm World Wide Web after the widely discussed cyber-attacks like Ransomware etc. Through such attacks, cyber-criminals aim at compromising web browsers and its plug-ins. Embedding attacks in legitimate websites using third party ad networks is becoming an increasingly popular type of Malvertising. However, it is to be understood that the basic problem doesn't lie with the ads. It is the vulnerable software of the PC or the laptop that gets compromised after clicking the link of a malicious ad. Even if all ads vanished from the web overnight, the core problem would still remain.

Classifying Malvertising  

Malvertising can be categorized into two categories, depending upon the way an attacker chooses to attack and compromise systems. One is by attempting to trick you into downloading and running something malicious. The second is by attacking your web browser and related software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader. These attacks use security holes in this software to force your computer to download and run malicious software.

A vulnerable system would allow an attacker to compromise and infect a system by simply visiting a web page with malicious code. The cause of vulnerability in a system could be attributed to two reasons; first could be because an attacker knows a new zero-day vulnerability of the users system. Zero-day vulnerability is basically an uncovered or unprotected vulnerability of a computer's software that hackers can exploit to adversely affect computer programs, data, additional computers or a network. The uncanny name 'Zero-day' has been derived from the fact that once an attacker has exploited the vulnerability, the software coder has zero-days i.e. no time left for any damage control. Moving on, the second reason behind a system's vulnerability could be simply because the user did not install security patches in the system to keep it protected.  

Easy hacks against Malvertising

Although cyber-criminals are on a constant lookout for loopholes to hack into a system, there are certain easy hacks that could help users fortify their web browser and protect themselves against the most common attacks online.

The foremost and easiest way is to enable click-to-play Plug-ins. A web page that contains a Flash or Java object doesn't run automatically unless the user clicks on it.

Almost all malvertising, use these plug-ins, so this option should protect users from almost everything. Contrariwise, Disabling or Uninstalling Plug-ins not used frequently, including java, could reduce the attack surface, giving attackers less potentially vulnerable software to target. For instance, Java browser plug-ins has been an unending source of vulnerabilities is used by few websites. Nonetheless, if there are Plug-ins that users wish to keep installed, it is vital that they ensure it is regularly updated with the latest security patches. Google Chrome automatically updates Adobe Flash, and so does Microsoft Edge. Internet Explorer on Windows 8, 8.1, and 10 automatically updates Flash, too. If you're using Internet Explorer on Windows 7, Mozilla Firefox, Opera, or Safari, ensure Adobe Flash is set to automatically update.

It has been observed that currently, maximum malvertising attacks have been performed against Windows computers. However, that does not give users of other operating systems a reason to be reluctant about the same. Bearing in mind that websites are hacked every day, a reluctant assumption that a mere adblocker is capable of protecting a computing device from expert hackers is a false sense of security. If a hacker identifies vulnerability in a system, even a single click could prove to be treacherous.

Conclusion

Malvertising is becoming a tough nut to crack, ensued by its disturbingly pervasive nature. Curbing it would require a combined effort of all stake holders in the ecosystem that comprises web site operators, ad networks, consumers and business audiences, striving to defend personal information and important data and neutralize the next data breach well in advance.

(Mr. Nilesh Jain is the Country Manager (India and SAARC), Trend Micro. The views expressed are personal.)

 
Print the Page Add to Favorite
 
Share this on :
 

Please comment on this story:
 
Subject :
Message:
(Maximum 1500 characters)  Characters left 1500
Your name:
 

 
  Customs Exchange Rates
Currency Import Export
US Dollar
84.35
82.60
UK Pound
106.35
102.90
Euro
92.50
89.35
Japanese Yen 55.05 53.40
As on 12 Oct, 2024
  Daily Poll
Will the new MSME credit assessment model simplify financing?
 Yes
 No
 Can't say
  Commented Stories
 
 
About Us  |   Advertise with Us  
  Useful Links  |   Terms and Conditions  |   Disclaimer  |   Contact Us  
Follow Us : Facebook Twitter