Researchers with Confiant Security are reporting that “ScamClub” malvertisers are exploiting a browser zero-day to redirect traffic to scam sites. Their report says: “Active for at least several years now, ScamClub malvertisements are defined mainly by forced redirections to scams that offer prizes to “lucky” users, like the all too ubiquitous “You’ve won a Walmart giftcard!” or “You’ve won an iPhone!” landing pages. Over the last 90 days, ScamClub has delivered over 50MM malicious impressions, maintaining a low baseline of activity augmented by frequent manic bursts — with as many as 16MM impacted ads being served in a single day.” Cybersecurity experts offer thoughts.
<p>It’s important to note that the malware that is being implanted into these browsers can also contain multiple payloads. That is, the payload may not just be confined to malvertising material, but can also contain more traditional enterprise-attacking payloads where corporate and other credentials are collected and directed back to the command-and-control center. These traditional credential collectors can be used to attack BOTH individuals and enterprises.</p> <p>This is why enterprises need to ensure that they are able to monitor their accounts and account privileges for nefarious usage and for nefarious privilege escalation that may result from these browser-based attacks or other identity manipulation means.</p>
<p>The recent revelation of a malvertising group leveraging an exploit in the commonly used WebKit framework is concerning, while the very existence of a malvertising group like ScamClub shows, again, how malicious actors have turned cybercrime into a lucrative business. Attacks like this can be a challenge to mitigate for home users, beyond keeping their patches up to date and relying on an ISP-provided or third-party service to block known malicious DNS domains. Organizations have a similar challenge with the sheer volume of malicious ads, but can benefit from enabling the same techniques and security analytics that can help identify malicious activities by their behaviors.</p>