Categories: Breaking NewsCyber CrimeSecurity

50 million users can be exposed to Malvertising

A security researcher said that a malvertising campaign could affect as many as 50M users, it affected some popular web sites like Facebook’s Bejewelled Blitz.

According to a security researcher at malvertising attack can affect around 50 million users, and hit known social media websites like Facebook.

“One of the main features about this attack was its large surface area,” “This is quite a well thought-out attack. The author has done his reconnaissance to find how best to infect these users; he has delivered the exploit to a variety of regions, picking particularly popular sites.” explained the principal analyst at Raytheon|Websense Carl Leonard explained that

This large-scale attack is meant to hit the OpenX platform (Online Advertising Technology), threat actors used a malicious code to redirect victims to the Angler Exploit Kit, that as we talked about in previous posts, it’s an exploitation of Flash player vulnerability.

Carl Leonard said that one of the key elements of the attack is to hit code that is no longer supported “That’s one lesson we can learn from this: be wary of code that’s no longer supported. It’s something we’ve seen by the end of life for Windows XP,”.

For this attack to be successful, it used a specific exploit (2 weeks after being known), which means IT teams didn’t have time to fix it the vulnerability since the time of discovery, plus the author of the attack wasn’t using always the same exploit, what made it more difficult to detect the malicious campaign.

“The attack used a particular exploit within two weeks of that exploit going live. That’s a very short timeframe that the IT teams have to work with”, “He used it intermittently rather than every time, it means that not all users are guaranteed to see it.” explained Leonard.

So which is the lesson to take out of this?

This means that even legit websites can be malicious, redirecting you to “nasty stuff”, using newly discovered vulnerabilities in well-known websites.

Which is the best defense?

Keep endpoint security software up to date, since this is the last layer of defense between your machine and the internet, having a good protection may help you to avoid malvertising attacks. If you are in a corporate environment the best defense to add to the endpoint security software would be access to threat intelligence.

Malvertising campaigns exploiting brand new vulnerabilities are optimal for cyber criminals because they require almost no effort, and this obviously means lower costs. On the security perspective, security professionals have to create layers and layers of defense, the higher the cost is for the cyber-criminals, the more difficult will be for them to operate.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – Malvertising, cybercrime)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.