Page 59 - Cyber Defense eMagazine August 2023
P. 59
With the increasing use of AI in digital advertising, we at Menlo anticipate a major spike in ‘malvertising’
due to the rise in convincing fake ads created by AI tools like ChatGPT and image generators such as
Midjourney and DALLE.
What is malvertising?
Malvertising is a form of highly evasive threat where malware is embedded into online or social media
ads.
Malvertising can be particularly tricky to detect for both internet users and publishers, with malicious ads
typically serving consumers through legitimate advertising networks; all internet users encountering them
are at risk of infection.
Not only is malvertising novel, it's typically complex, and usually comprises several rungs in the attack
chain.
Attackers will usually begin by breaching a third-party server to inject malicious code within a digital
advert, such as a banner advert, or video. If clicked by a website visitor, the corrupted code will lead to
the installation of malware on the user’s endpoint device or direct a user to a malicious website.
Indeed, some advertising attacks involve the use of exploit kits – created with the intention of surveying
a system to then identify and exploit vulnerabilities. And, if installed, malware can wreak untold damage.
Threat actors may delete, modify, or encrypt data. Further, malware may be used to corrupt files, redirect
internet traffic, monitor user activity, steal data or develop backdoor access routes to a system.
Awareness of malvertising is currently low
Given this is a relatively novel and innovative attack method, awareness of the threats of malvertising
remains low at present.
In our survey conducted with CensusWide, we found that while seven in ten consumers say they currently
click on advertisements on the internet ‘to some extent’, the vast majority (70%) of respondents simply
didn’t know they can be infected with malware by clicking on a brand logo.
By comparison, almost three-quarters (73%) understand they can be infected by malware hidden in an
email link.
The research also revealed that around half (48%) are unaware they can be infected via a social media
ad, while 40% didn’t know they can be infected by clicking on pop-ups and banners. Furthermore only
32% wouldn’t trust any website not to contain malvertising.
These statistics are concerning. Indeed, it’s estimated that approximately one out of 100 online ads is
currently malicious, and we now expect this to rise even further as more AI tools and software become
increasingly available and easy to use.
Cyber Defense eMagazine – August 2023 Edition 59
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.