July 20, 2023
Malvertising can have a powerful impact on your organization, going beyond data security to influence brand reputation and more.
Cybercriminals can exploit almost any part of a website’s infrastructure – even the ads it shows to visitors. Malvertising is a relatively new cybercrime trend that focuses on compromising the third-party servers that most website owners rely on to serve ads.
What is Malvertising and How Does it Work?
In a typical malvertising attack, attackers start by compromising a third-party server used to display ads. Ad servers are already connected to a wide range of websites, which are usually configured to automatically trust the ad content they receive.
Cybercriminals inject malicious code into display ads, which the server then pushes out to its network. They may use a variety of different techniques, such as manipulating banner ad copy, changing the link to direct users to a spoof website, or changing other elements of the ad’s content.
When a website visitor clicks on the ad, the malicious code will execute. It may install malware onto the victim’s device, redirect the user to a malicious website, or leverage an exploit kit to scan victims’ systems for vulnerabilities and weaknesses.
In some cases, cybercriminals can launch malvertising attacks that don’t require users to interact with the ad at all. Drive-by downloads exploit browser vulnerabilities to install malware passively, while other attack methods force the user’s browser to redirect to a malicious site automatically.
Malvertising Impacts Both Server-Side and Client-Side Security
Malvertising attacks exploit third-party partners who are part of the website supply chain. This increases the risk for website users and owners alike. These kinds of attacks have a unique risk profile with a wide variety of downstream impacts and knock-on effects:
- End users are obviously at risk of having malware installed on their systems through the ads they click on. These attacks may exfiltrate data, install keyloggers, or grant administrative privileges to cybercriminals.
- Website owners risk reputational damage stemming from data breaches that result from malvertising attacks, even though they’re not technically at fault. Website owners have little control over the ads they serve to visitors, but victims will still blame the website for exposing them to the attack.
- Advertisers, including organizations that rely on ads to generate leads, run the risk of having their ads used for nefarious purposes. This adds another layer of reputational damage to the attack, as victims learn to associate the advertiser’s product with malvertising campaigns.
- Employees can easily fall victim to malvertising attacks when making business purchases from trusted third-party vendors. If cybercriminals compromise a vendor’s advertising partners, they’ll likely gain access to many of the organizations that do business with that vendor.
- Anti-virus solutions and ad blockers can’t always keep up with complex malvertising campaigns. Some variants like RoughTed use dynamic URLs to bypass anti-virus solutions and most commercial ad blockers.
Importantly, most advertising platforms specifically limit their liability for malvertising attacks in their Terms and Conditions. That means that the repercussions for digital privacy violations that occur due to malvertising attacks fall squarely on the website owner.
Malvertising Campaigns are Surprisingly Prevalent on High-Traffic Websites
Because malvertising campaigns focus on compromising third-party ad networks, they tend to concentrate on high-traffic websites that many users implicitly trust.
One report discovered several thousand high-traffic websites running third-party data exfiltration scripts, including some of the world’s most recognizable names in digital media.
These attacks focus on “leaky forms” that have been manipulated to send sensitive information to third parties as users type on web-hosted forms. Most modern websites incorporate a wide range of third-party code for everything from chatbots to social media analytics and payment transactions. Cybercriminals have shown themselves capable of tampering with the trusted content that these third-party partners provide to even the largest and most reputable website owners.
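One way a site owner can inventory the third-party code described above, as an added example that is not part of the original article: it parses a constructed page and flags third-party scripts loaded without Subresource Integrity and third-party iframes without a sandbox attribute. The hostnames, the sample HTML and the names ThirdPartyAudit and audit are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: first-party host example.test embedding third-party code.
SAMPLE_HTML = """
<html><body>
<form action="/subscribe"><input name="email"></form>
<script src="/static/app.js"></script>
<script src="https://cdn.analytics.example/a.js" integrity="sha384-PLACEHOLDER"
        crossorigin="anonymous"></script>
<script src="https://ads.adnetwork.example/serve.js"></script>
<iframe src="https://ads.adnetwork.example/slot/1"></iframe>
<iframe src="https://chat.vendor.example/widget" sandbox="allow-scripts"></iframe>
</body></html>
"""

class ThirdPartyAudit(HTMLParser):
    """Collects third-party <script>/<iframe> embeds that run with full page trust."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host
        self.has_form = False      # pages with forms are where leaky scripts matter most
        self.findings = []         # (host, reason) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)            # valueless attributes (e.g. sandbox) map to None
        if tag == "form":
            self.has_form = True
        if tag not in ("script", "iframe") or not a.get("src"):
            return
        host = urlparse(a["src"]).hostname
        if host is None or host == self.first_party:
            return                 # relative URL or same host: first-party content
        if tag == "script" and "integrity" not in a:
            self.findings.append((host, "script without integrity"))
        if tag == "iframe" and "sandbox" not in a:
            self.findings.append((host, "iframe without sandbox"))

def audit(html, first_party_host):
    """Return (page_has_form, findings) for one HTML document."""
    parser = ThirdPartyAudit(first_party_host)
    parser.feed(html)
    return parser.has_form, parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, "example.test"))
```

Scripts whose content changes per request cannot carry a fixed integrity hash; for those, a sandboxed iframe is the containment option this check looks for.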
Detect Malvertising Attacks Using UEBA-powered SIEM Technology
Security leaders are increasingly concerned about employees accidentally interacting with malicious ads on trusted websites. Since reputable, high-traffic websites can’t ensure the security of their third-party partners, it stands to reason that almost every website that shows ads to users represents a potential risk.
User and entity behavior analytics (UEBA) provides security teams with ample visibility into the actions that users take when interacting with external websites. It triggers alerts when a successful malvertising attack causes an employee user account (or the device it’s associated with) to exhibit unusual behavior after encountering a suspicious advertisement. This gives security teams a valuable head start on detecting and investigating malvertising risk throughout the organization.
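A simplified version of that behavioral check, as an added example that is not part of the original article or any vendor's product: it builds a per-user baseline of visited hosts from constructed proxy log lines, then flags a risky download from a never-before-seen host that follows an ad request within a short window. The log format, the ad host list, the content types and the 30-second window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines: time, user, destination host, content type.
BASELINE = """\
2023-07-17T09:00:00 alice news.example text/html
2023-07-17T09:00:01 alice ads.adnetwork.example text/javascript
2023-07-17T09:05:00 bob tools.vendor.example application/octet-stream
"""
TODAY = """\
2023-07-20T10:00:00 alice news.example text/html
2023-07-20T10:00:01 alice ads.adnetwork.example text/javascript
2023-07-20T10:00:03 alice cdn-upd4te.example application/octet-stream
2023-07-20T11:00:00 bob tools.vendor.example application/octet-stream
2023-07-20T11:30:00 bob ads.adnetwork.example text/javascript
2023-07-20T13:00:00 bob files.partner.example application/octet-stream
"""
AD_HOSTS = {"ads.adnetwork.example"}      # assumed list of ad-serving hosts
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=30)            # assumed ad-to-download correlation window

def parse(text):
    """Yield (timestamp, user, host, content_type) from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, user, host, ctype = line.split()
        yield datetime.fromisoformat(ts), user, host, ctype

def detect(baseline_text, today_text):
    """Flag risky downloads from hosts new to the user shortly after an ad request."""
    seen = {}                             # user -> hosts observed in the baseline
    for _, user, host, _ in parse(baseline_text):
        seen.setdefault(user, set()).add(host)
    last_ad = {}                          # user -> time of most recent ad request
    alerts = []
    for ts, user, host, ctype in parse(today_text):
        if host in AD_HOSTS:
            last_ad[user] = ts
            continue
        new_host = host not in seen.get(user, set())
        after_ad = user in last_ad and ts - last_ad[user] <= WINDOW
        if ctype in RISKY_TYPES and new_host and after_ad:
            alerts.append((user, host, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    print(detect(BASELINE, TODAY))
```

Bob's two downloads do not alert: one goes to a host already in his baseline, and the other comes 90 minutes after his last ad request.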
Learn how your organization can benefit from UEBA; reach out to us to learn more about our malware detection and prevention solutions.