Cyber criminals are quick to exploit any advance in technology, and it appears they’ve clambered aboard the programmatic advertising bandwagon to launch a new style of malware: malvertising.
IT security company RiskIQ used the BlackHat USA 2015 security conference to release the results of its study on malicious advertising, or malvertising. The study looked at the prevalence of malvertising across the nearly two billion publisher pages and 10 million mobile apps that Risk IQ studies daily, and it found substantial growth in malvertising levels.
In the first half of 2015, RiskIQ saw the number of malvertisements rise by 260 per cent over the first half of 2014, with the number of unique malvertisements increasing by 60 percent year. Fake Flash updates became the most popular method to get people to install malware, passing fake antivirus and Java updates.
“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ, in a statement. “There are a number of reasons for this development, including the fact that malvertisements are difficult detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”
According to RiskIQ’s report, the rise of programmatic advertising is helping to fuel the robust growth in malvertising. By replacing human decision making on advertising purchase and placement with software in a machine to machine ecosystem, there are new opportunities to exploit display advertising as a malware distribution tool by hiding malicious code within an ad.
For more on the rising of malware in Canada, check out our interactive map of Canada’s cybercrime hotspots.