Page 60 - Cyber Defense eMagazine August 2023
P. 60
Malware-as-a-service and AI generated text and images are already accessible, meaning even attackers
with little or no skills can create convincing ads and powerful evasive malware to boot. We’re expecting
a big uptick in malvertising as a result.
Best practices for avoiding malvertising
Awareness of the risks needs to increase so that anyone online applies caution to clicking on adverts on
any website – no matter how much they trust it.
Some people may be shocked to learn that even the most credible websites are not immune to
malvertising. Indeed, we recently found that the top three brands impersonated by malicious threat actors
attempting to steal personal and confidential data over a 90-day period were Microsoft, Facebook, and
Amazon.
So, how can consumers ensure they don’t become the victim of malvertising?
First, it’s important to carefully check website URLs before clicking. This can be done by hovering your
mouse over the advert until the URL appears. Threat actors can often use convincing domain names by
replacing certain characters to trick the eye, but they won’t be able to use the actual domain of the site
you think you’re clicking on. Therefore, meticulously checking links for discrepancies is important.
Second, web users should check the brand logo to see if it looks genuine. When logos are copied, they
can appear stretched, squashed, or pixilated. This could be a sign that it’s not legitimate – large
companies tend to have strict branding guidelines that malvertising attackers won’t necessarily follow.
It’s also worth considering what the advert is asking you to do. Legitimate brands often place adverts to
increase brand awareness. Malvertising campaigns do not care about these impressions. They will be
more direct, asking you to ‘click here’ or ‘buy now’.
In this sense, it’s important to be cautious of redirections. If you do click on an advert and it takes you
through to the site you expected, be aware that the more ads you click on the higher chance you have of
encountering malware.
Our research has found that you’re only 3-7 clicks away from malware online. And the growing prevalence
of AI generated content online will only fuel highly evasive threats such as malvertising further.
Ultimately, the key is taking a cautious approach to adverts. No website is immune to malvertising. By
staying vigilant and always following best practices, you’re much more likely to stay protected.
Cyber Defense eMagazine – August 2023 Edition 60
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.