Cyber Insurance Basics: Malvertising
Malvertising—or malicious advertising—is a relatively new cyber-attack technique. The term comes from a combination of ‘malware’ and ‘advertising’. Cyber-criminals embed malware into the advertisements (ads) of well-known online publications. Trusting these legitimate sites, internet users load the webpage or click on the ad, allowing malware to be downloaded onto their device.
Recent attacks have occurred on high-profile websites such as The London Stock Exchange and Spotify, and it’s easy to see why. With millions of ads distributed daily, it’s difficult for organisations to vet each one. Therefore, website publishers must take steps to reduce the risk of malvertising. Consider these tips:
- Review ad networks—Before signing up for ads, inquire about their ad delivery paths and data security practices. Use trusted networks that have adequate malvertising prevention measures in place.
- Run regular malware scans—Don’t rely on your overall network security. Take additional security measures by running regular scans to ensure your website is malware-free.
- Keep software up to date—New vulnerabilities in website software are regularly uncovered, so it’s essential to check that your website is up to date and fully supported. Upgrade or apply service patches as soon as an update is received.
Additionally, employers and all website users should take steps to protect themselves:
- Invest in an antivirus program—A trustworthy antivirus program can go a long way in reducing your chances of encountering a malvertising attack. Once installed, remember to update your antivirus software often.
- Turn on click-to-play for plugins—When you select the ‘click to play’ option in your browser, online content that requires plugins to play (e.g. Java, Adobe Reader) is disabled unless you manually allow it. This helps prevent a fraudulent website from playing content automatically and gives you more control.
- Install an ad blocker—An ad blocker can prevent most malvertising attacks by ensuring that ads aren’t displayed in the first place. Be aware that some websites may not run properly when an ad blocker is enabled. However, you can choose to allow online ads from certain sites once you’ve properly examined the cyber-risk.