Many sites on the internet rely on embedded advertising to make money.
As the advertising industry has matured, a complex ecosystem of ad networks and marketplaces has developed to allow content providers to be matched with suitable advertisers.
Unfortunately, as ad-tech has grown more complex, hackers have recognized it as a new vector to deliver malware. Even big-name websites and applications have carried malvertising attacks in recent years.
If your site includes advertising, you are inviting a third party to add content to your web pages. Let’s see how you might be inadvertently exposing your users to malicious code.
Internet adverts are usually delivered via a “supply chain” of multiple nested services. This allows ad impressions to be resold and targeted to specific demographics, and response rates to be measured in real time.
Each domain in the supply chain is a target for a hacker. If they can compromise servers hosting or routing advertising, they have a large pool of potential victims - a much larger attack surface than a single hacked website offers.
A compromised server becomes a very effective way to spread malware because the attacker can target operating systems and browsers with known vulnerabilities.
Since only specifically vulnerable users are targeted, it can be very difficult for advertising networks to spot an infection! Hackers also use various tricks - like delaying the deployment of the payload, or only targeting every nth user - to defeat automated scans.
Malware can vary from annoying to malicious. A recent trend is the growth in ransomware, which locks up key files on your computer until a bitcoin ransom is paid.
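To see which third parties a page of yours already hands content delivery to, the sketch below (an added example, not part of the original article) lists the external hosts a page's markup loads scripts and frames from, and whether each frame carries the `sandbox` attribute. The page URL, hosts and markup are constructed placeholders, and only the first hop of the supply chain is visible this way, since the nested services are loaded at runtime.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src pulls in content that executes or renders inside the page.
ACTIVE_TAGS = {"script", "iframe", "embed"}

class ThirdPartyInventory(HTMLParser):
    """Collect the external hosts a page loads active content from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlsplit(page_url).hostname
        self.findings = []  # (tag, host, sandboxed)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in ACTIVE_TAGS or not attrs.get("src"):
            return
        host = urlsplit(urljoin(self.page_url, attrs["src"])).hostname
        if host is None or self._same_site(host):
            return
        # Only an iframe can carry the sandbox attribute; a script always
        # runs with the embedding page's own privileges.
        self.findings.append((tag, host, tag == "iframe" and "sandbox" in attrs))

    def _same_site(self, host):
        # Assumption: the page host and its subdomains count as first party.
        return host == self.first_party or host.endswith("." + self.first_party)

def inventory(page_url, html):
    parser = ThirdPartyInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every host below is a placeholder.
PAGE_URL = "https://www.publisher.example/news"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="//tags.adnetwork.example/loader.js"></script>
<iframe src="https://ads.exchange.example/slot?id=1"></iframe>
<iframe sandbox="allow-scripts" src="https://ads.partner.example/slot"></iframe>
<img src="https://cdn.images.example/logo.png">
"""

if __name__ == "__main__":
    for tag, host, sandboxed in inventory(PAGE_URL, SAMPLE_HTML):
        print(tag, host, "sandboxed" if sandboxed else "not sandboxed")
```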