Malvertising, malware delivered through seemingly legitimate code on a website, is a rapidly growing problem. Cyber criminals pose as legitimate advertising sellers, then insert malware into the adverts they deliver. Adverts can also direct those who click on them to infected websites.
Use an adblocker
The simplest way to keep malware-laced adverts from infecting your network is to use an adblocker, so that no adverts are displayed. This has been recommended by Cisco. Mobile operating systems now also have such tools available, so staff can be protected on any device that could come into contact with the corporate network.
Keep your software patched
Making sure your software is up to date should be a basic part of any firm’s security strategy, and it’s also one of the best ways to avoid falling prey to malvertising. When software such as Flash is found to contain a vulnerability, makers such as Adobe patch it. If the software is not updated so that the patch is applied, users remain vulnerable for as long as criminals keep sending out the infected advert.
Set Flash to "click-to-run"
Flash is one of the main ways in which malicious adverts are delivered. The software is being phased out by some major websites, but stopping Flash adverts from playing automatically reduces the likelihood of being exposed to, or clicking on, unpleasant advertising. Earlier this year a Flash zero-day vulnerability was exposed as being used to deliver malvertising.
Disable Java
Java vulnerabilities have been used to distribute malware, for example when the Blackhole exploit was distributed via the Clicksor ad network. As with turning off Flash, disabling Java in browsers stops adverts that may contain malicious code from being automatically delivered when you visit a site. JavaScript should not be turned off, though.
Make sure your computer and browser are helping you
Many browsers can highlight potentially unsafe code on a website and flag up potential malvertising campaigns. Of course, anti-virus software should also be deployed alongside the protections in your browser. Good basic cyber hygiene will give you a start in protecting your business against malvertising.