Malvertising campaigns hit US military industry to steal secrets and intellectual property

A new wave of malvertising attacks finalized to cyber espionage is targeting military contractors to military secrets and intellectual property.

Security experts at security company Invincea have uncovered a new malvertising campaign used as a attack vector for highly-targeted cyber espionage operations against at least three firms in the US military industry.

The malvertising is becoming even more popular in the criminal underground, many cases were spotted recently which exploited the ad network of IT giants like Google and Yahoo.

According the experts at Invincea, malvertising campaign allowed threat actors to steal military secrets or intellectual property rather than click-fraud or financial frauds( e.g. Phishing). The circumstance is alarming because many of the targeted companies are providing technology for use in combat zones.

“In the past, we have seen organized cyber crime learn attack techniques from advanced nation state actors,” Invincea Chief Executive Anup Ghosh said, using industry parlance for cyber spies. “This is a case where advanced state actors would be learning from cyber crime in terms of methods and tactics.”

The researchers discovered that using high targeted online advertising threat actors hit major U.S. military contractors in the past few weeks, Invincea declined to name the victims of the malvertising campaigns.

“Data security breaches now regularly hit high-profile businesses such as banks and retailers, leaving millions of consumers vulnerable to identity theft and financial fraud. But research into malvertising has revealed how cyber-criminals and spies can use the marketing industry’s latest tools to pinpoint high-value targets.” reports the Reuters Agency.

The experts at Invincea spotted up to six malvertising attacks that targeted one aerospace contractor and other military contractors in the last weeks of September.

The experts haven’t provided any information on the alleged source of the malvertising attacks, instead they confirmed that attackers used demographic targeting tools available to any online marketer to exploit advertising bidding networks.

“Perpetrators can set up a corporate front to deliver normal ads, then swap landing pages from time to time for malicious code. They place these ads on advertising exchanges and bid up prices for placement on sites that its targets are known to visit, based on what they glean from these intended victims’ advertising profiles.” states the Reuters.

Malvertising website are difficult to be localized, the majority of them belong to the category of One Day Wonders, so the stay online just for the time of the attack, typically for less than four hours. A study conducted by Blue Coat on 660 million unique hostnames reports that 470 Million websites are One Day Wonders and 22 Percent are malicious.

The analysis conducted by experts at Invincea firm confirms the presence of serious flaw in most online advertising networks that could be easily exploited by threat actors.

“Any real-time ad bidding service that allows for automatic redirection is inherently insecure,” said Pat Belcher, who heads Invincea’s security analytics team, which conducted the forensic research. “It is across the board.”

Unfortunately, cyber criminals are winning the fight against the online advertising industry, recent cases demonstrate that the web ad industry is still vulnerable to malvertising campaigns.

Ad networks are too easy to compromise and unaware users haven’t necessary skills and tools to protect their machines.

The major advertising organizations in the US will collaborate to monitor and prevent illegal activities.

“Criminal activity threatens to erode trust in the digital ecosystem,” Randall Rothenberg, chief executive of the Interactive Advertising Bureau said. “It is time that publishers, marketers and agencies stand together to combat these dangerous forces as a unified entity.”

Unfortunately as explained by Invincea malversting is a common practice that is not properly addressed by Advertising industry, it’s time to consider security an indispensable investment and not a cost to reduce.

“Ad delivery networks today are not incentivized to address the problem in a credible manner as they derive revenue from the criminal enterprise,” the Invincea report states. “Turning a blind eye to the problem is rewarded economically,” it said.

Pierluigi Paganini

(Security Affairs – Invincea, malvertising)