According to a security researcher at malvertising attack can affect around 50 million users, and hit known social media websites like Facebook.
“One of the main features about this attack was its large surface area,” “This is quite a well thought-out attack. The author has done his reconnaissance to find how best to infect these users; he has delivered the exploit to a variety of regions, picking particularly popular sites.” explained the principal analyst at Raytheon|Websense Carl Leonard explained that
This large-scale attack is meant to hit the OpenX platform (Online Advertising Technology), threat actors used a malicious code to redirect victims to the Angler Exploit Kit, that as we talked about in previous posts, it’s an exploitation of Flash player vulnerability.
Carl Leonard said that one of the key elements of the attack is to hit code that is no longer supported “That’s one lesson we can learn from this: be wary of code that’s no longer supported. It’s something we’ve seen by the end of life for Windows XP,”.
For this attack to be successful, it used a specific exploit (2 weeks after being known), which means IT teams didn’t have time to fix it the vulnerability since the time of discovery, plus the author of the attack wasn’t using always the same exploit, what made it more difficult to detect the malicious campaign.
“The attack used a particular exploit within two weeks of that exploit going live. That’s a very short timeframe that the IT teams have to work with”, “He used it intermittently rather than every time, it means that not all users are guaranteed to see it.” explained Leonard.
So which is the lesson to take out of this?
This means that even legit websites can be malicious, redirecting you to “nasty stuff”, using newly discovered vulnerabilities in well-known websites.
Which is the best defense?
Keep endpoint security software up to date, since this is the last layer of defense between your machine and the internet, having a good protection may help you to avoid malvertising attacks. If you are in a corporate environment the best defense to add to the endpoint security software would be access to threat intelligence.
Malvertising campaigns exploiting brand new vulnerabilities are optimal for cyber criminals because they require almost no effort, and this obviously means lower costs. On the security perspective, security professionals have to create layers and layers of defense, the higher the cost is for the cyber-criminals, the more difficult will be for them to operate.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – Malvertising, cybercrime)