Everything You Need to Know about the Malvertising Cybersecurity Threat
Malvertising is a shortened mash-up of “malicious advertising.” In a nutshell, malvertising is a relatively new cyberattack method in which bad actors inject malicious code into digital ads. These malicious ads are difficult to detect, and are served to internet users using legitimate advertising networks and publishing platforms, such as the Google Search Network. Because these ads are displayed to virtually all visitors, they have a high likelihood of success, greatly increasing the risk of infection.
Kara Sherrer, writing for TechRepublic Premium, explains how malvertisements work and the difference between pre-click and post-click malvertisements. The guide also compares malvertising versus malware versus adware and explores the history of malvertising, before finally diving into 10 practical steps that you can take to protect your business from malvertising cybersecurity threats.
Featured text from the download:
PRE-CLICK VERSUS POST-CLICK MALVERTISEMENTS
There are three main ways that the malvertisement may execute an action after being displayed to a website visitor, post-click and pre-click. Post-click attacks require the visitor to click on the malvertisement or otherwise interact with it in order for the attack to execute. With pre-click malvertisements, the malicious code in the ad can execute without the visitor interacting with the ad.
Post-click attacks are quite common, and they can take many forms. Often, the malicious code in the ad will download malware or adware to the user’s computer after being triggered by a click. The malvertisements might also download an exploit kit, which scans the device for vulnerabilities and then exploits them. The malware may then be used for many purposes, such as monitoring the user’s activity, damaging files, stealing or copying data, redirecting internet traffic, and setting up backdoor access points.
Instead of directly downloading malware, post-click malvertisements may also direct to a malicious website that uses social engineering or spoofing techniques to carry out a multistep attack. For instance, the website may be designed to resemble a legitimate login, but it captures the credentials as the user enters them. The hackers can then use those credentials to log in to the real website, stealing sensitive data and information.
Enhance your cybersecurity knowledge with our in-depth 11-page PDF. This is available for download at just $9. Alternatively, enjoy complimentary access with a Premium annual subscription.
TIME SAVED: Crafting this content required 22 hours of dedicated writing, editing, research, and design.
Resource Details
* Sign up for a TechRepublic Premium subscription for $299.99/year, and download this content as well as any other content in our library. Cancel anytime. Details here.
* Sign up for a TechRepublic Premium subscription for $299.99/year, and download this content as well as any other content in our library. Cancel anytime. Details here.