DALLAS, TX: Online and mobile ads are major threats to IT security, according to a new report which highlights malvertising and adware among the ongoing challenges the industry needs to address.
In Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices, IT security specialist TrendMicro reported that, on the basis of what it had seen in the first quarter of the year, "cybercriminals and threat actors no longer need to create new channels to reach their victims and targets".
Most of the groundwork has already been laid, it said. Malvertisements – where criminals use ads to drop malware on the computers of unsuspecting visitors to ad-hosting sites – are not a new phenomenon and many users are prepared to deal with them. But "nothing can prepare them for malvertisements laced with zero-day exploits", the report stated.
This combination undermines two security best practices available to users – only visiting trusted sites and keeping applications updated with the latest patches (zero-day exploits such as Trojans and viruses take advantage of computer security holes for which no solution is currently available).
In a recent instance of this, a zero-day Adobe Flash exploit distributed via malvertisements spread BEDEP malware: users who downloaded the BEDEP malware were put at risk of becoming unwilling participants in attackers' botnet operations, as well as becoming fraud victims and downloading other malware, the report explained.
Mobile users are also increasingly exposed through adware, a form of malware where unwanted ads are shown to users. TrendMicro noted that after Google had removed three apps from its store that were found to be adware in disguise, more than 2,000 other apps were found displaying similar behaviour.
Overall, it had recorded more than 5m Android threats so far and predicted a total of 8m by the end of the year.
"Ad networks definitely need to step up their security," it said.
An alternative "best practice" for consumers is to use ad-blocking software. One of the leaders in this field, Adblock Plus, has just launched an ad-blocking browser for Android devices.
Co-founder Tilla Faida said that advertisers had "destroyed the user experience" on mobile with thoughtlessly designed ads as well as "mobile ad networks that are riddled with security holes".
In Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices, IT security specialist TrendMicro reported that, on the basis of what it had seen in the first quarter of the year, "cybercriminals and threat actors no longer need to create new channels to reach their victims and targets".
Most of the groundwork has already been laid, it said. Malvertisements – where criminals use ads to drop malware on the computers of unsuspecting visitors to ad-hosting sites – are not a new phenomenon and many users are prepared to deal with them. But "nothing can prepare them for malvertisements laced with zero-day exploits", the report stated.
This combination undermines two security best practices available to users – only visiting trusted sites and keeping applications updated with the latest patches (zero-day exploits such as Trojans and viruses take advantage of computer security holes for which no solution is currently available).
In a recent instance of this, a zero-day Adobe Flash exploit distributed via malvertisements spread BEDEP malware: users who downloaded the BEDEP malware were put at risk of becoming unwilling participants in attackers' botnet operations, as well as becoming fraud victims and downloading other malware, the report explained.
Mobile users are also increasingly exposed through adware, a form of malware where unwanted ads are shown to users. TrendMicro noted that after Google had removed three apps from its store that were found to be adware in disguise, more than 2,000 other apps were found displaying similar behaviour.
Overall, it had recorded more than 5m Android threats so far and predicted a total of 8m by the end of the year.
"Ad networks definitely need to step up their security," it said.
An alternative "best practice" for consumers is to use ad-blocking software. One of the leaders in this field, Adblock Plus, has just launched an ad-blocking browser for Android devices.
Co-founder Tilla Faida said that advertisers had "destroyed the user experience" on mobile with thoughtlessly designed ads as well as "mobile ad networks that are riddled with security holes".
Data sourced from TrendMicro, Adblock Plus; additional content by Warc staff
