Malvertising is not just e-junk anymore. It’s taking a big bite out of the entire advertising industry.
I have been staring at computer screens for a long time. I remember when AOL was the biggest thing to come along since 16-bit computing.
I have always been an anti-spam/junk advocate. With snail mail, I could just pitch it. With radio and TV ads, I could turn down the volume or switch channels. But it got impractical to walk away from my computer every time an ad popped up on a new page. So for years I tried everything I could to fight back against online advertising. But eventually I threw my hands in the air and simply stopped trying to fight it. I finally got used to the bombardment of online advertising and learned to ignore it.
I guess ignoring them was the best habit I picked up because now the maldroids that love to mess with our lives have found a gold mine in malvertising.
Malvertising, or poisoned ads, are both toxic and ubiquitous. Hackers have learned how to link online advertising to malware so when one clicks on the ad, boom! You’re hacked. And, more hackers than ever are targeting what is the Internet’s primary money engine – advertising – and using it as a dominant attack vector to hide exploits and compromise huge numbers of victim
Malvertising isn’t new. It was first identified in 2007. But it didn’t really get going until a few years ago. In 2012, there were 12.4 billion malvertisement impressions on various sites. That number jumped by 200% in 2013 and another 300% in 2014.
This is no small problem. These ads are expected to cause up to $1 billion in various types of damages. And the problem is that they are difficult to spot. Add to that the nature of human curiosity and one can see why hackers relish this attack vector.
Plus, most of the big sites such as Google, Yahoo, MSN, and countless others are just ignoring the problem because there are no repercussion for them. All they see is the ad revenue. Like all the other hacks, the cost of the attack falls squarely on the end user. Even if it costs these companies a few million dollars in incidental costs, it is still far cheaper than layering a good security solution in at the source to protect the end user.
But the seriousness of malvertising is being overlooked. It is such an insidious vector because it can be proliferated on a vast number of Web sites with very little effort. And tracking the attacks is difficult and tricky because advertisements are dynamic. Moreover, with evolution of Big Data, they can target specific users on certain website, under certain conditions. This makes the audit trails of such ads difficult to analyze.
Ironically, it is hitting exactly the entities that have turned the blind eye…the advertisers. The awareness of this threat vector, coupled with a rising awareness by consumers is driving users to block ads. A report from PageFair indicates some 198 million users operate ad blocking software, up by 41% globally since last year. That is now costing the online ad industry a whopping $22 billion. Maybe, just maybe, this will force them to stop this nascent menace.