Following Proofpoint's report announcing its discovery and analysis of the massive malvertising network AdGholas, operating since 2015 and pulling in as many as 1 million client machines per day, Thomas Pore, Director of IT at Plixer, commented below on why advertising is an ‘excellent’ method for hackers, how it worked and what users can do to avoid it.
Thomas Pore, Director of IT at Plixer:
“The detection and analysis of AdGholas shows how creative, resilient, and money-hungry cyber criminals are. Advertising is an excellent way to get content in front of a large audience quickly, and by using advertising to redirect to a malicious site, users do not need to click anything.
“While steganography has been used in other malware campaigns, this is the first documented case of its use in a drive-by campaign with advertising. Hiding encrypted iframe redirect JavaScript inside an image and using a process to decrypt and exploit demonstrates that, regardless of your security layers, cyber criminals have the advantage of innovation to target users.
“The process by which AdGholas was implemented, while detected, continued for so long because of how redirection was being executed. It’s hard to stop something if you don’t know how it works. After months of tracking and investigation, it was determined that the process was executed using steganography. Once the use of steganography was detected, the campaign was stopped. I don’t suspect it will be too long before another innovative process is used.
“Users need to remember that even though a redirect was occurring to a malicious site, exploit kits such as Angler and Neutrino were being used. These exploit kits take advantage of vulnerable software installed locally, such as Flash or Internet Explorer. The filter taking place in this campaign suggests that general PC users were the targets. Users can protect themselves by regularly performing security patching of installed software.”