Following the news that a massive malvertising campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours, please see below for commentary from Rusty Carter, VP Product Management at Arxan Technologies.
Rusty Carter, VP Product Management at Arxan Technologies:
“This malvertising campaign is another example of consumers becoming victims due to attacks against them through their browser. By using ad networks to load content into unprotected web pages, the attackers are able to change the behaviour of the pages including automatically taking the user’s browser to unrequested destinations.
This may be another blow to the digital advertising economy, in addition to impacting websites that make money from display advertisements, as their reputation with their end users will be tarnished by the vulnerabilities created by included content, similar to Magecart.
Consumers on the other hand are left with an unreliable experience – even when doing the right thing, they may be subjected to threats because companies are not protecting the app running in the browser, and only rely on WAF and network security to protect from within the data centre. This leaves consumers exposed to significant potential personal, privacy, and financial losses if just a couple lines of code end up running in their browser.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.