Page 59 - Cyber Defense eMagazine August 2023
P. 59

With the increasing use of AI in digital advertising, we at Menlo anticipate a major spike in ‘malvertising’
            due to the rise in convincing fake ads created by AI tools like ChatGPT  and image generators  such as
            Midjourney and DALLE.



            What is malvertising?

            Malvertising  is a form of highly evasive  threat where malware is embedded into online or social media
            ads.

            Malvertising can be particularly tricky to detect for both internet users and publishers, with malicious ads
            typically serving consumers through legitimate advertising networks; all internet users encountering them
            are at risk of infection.


            Not only is malvertising  novel, it's typically complex,  and usually comprises several  rungs in the attack
            chain.

            Attackers  will  usually  begin  by  breaching  a  third-party  server  to  inject  malicious  code  within  a  digital
            advert, such as a banner advert, or video. If clicked by a website visitor, the corrupted  code will lead to
            the installation of malware on the user’s endpoint device or direct a user to a malicious website.

            Indeed, some advertising attacks involve the use of exploit kits – created with the intention of surveying
            a system to then identify and exploit vulnerabilities. And, if installed, malware can wreak untold damage.

            Threat actors may delete, modify, or encrypt data. Further, malware may be used to corrupt files, redirect
            internet traffic, monitor user activity, steal data or develop backdoor access routes to a system.



            Awareness of malvertising is currently low

            Given this is a relatively novel  and innovative  attack method,  awareness  of the threats of malvertising
            remains low at present.

            In our survey conducted with CensusWide, we found that while seven in ten consumers say they currently
            click on advertisements  on the internet ‘to some extent’, the vast majority (70%) of respondents  simply
            didn’t know they can be infected with malware by clicking on a brand logo.

            By comparison,  almost three-quarters  (73%) understand  they can be infected by malware hidden in an
            email link.


            The research also revealed that around half (48%) are unaware they can be infected via a social media
            ad, while 40% didn’t know they can be infected by clicking on pop-ups and banners. Furthermore  only
            32% wouldn’t trust any website not to contain malvertising.

            These statistics  are concerning.  Indeed,  it’s estimated  that approximately  one out of 100 online ads is
            currently malicious, and we now expect this to rise even further as more AI tools and software become
            increasingly available and easy to use.




            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               59
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   54   55   56   57   58   59   60   61   62   63   64