Your Internet-Connected Device May Be Up for Rent on the Dark Web: How Attackers Abuse Digital Ad Networks to Target Your Business



Digital Advertising: A Growing Multibillion Dollar Industry


Did you know that digital advertising in the United States alone crossed the $100 billion mark for the first time in 2018? On May 7, 2019, CNBC stated that last year’s $107 billion in US online advertising revenue was up by 21.8 percent from 2017, citing an Interactive Advertising Bureau report. And numbers are projected to keep going up—around the globe.


But when any digital industry booms, so do cybercrime and the dark web.


What better medium for attackers to exploit than a multibillion-dollar industry that’s only getting harder to regulate. What better attack surface to use than one that can reach countless users in mere seconds through just a simple little ad?


Malicious Marketing


Since anyone can pay to advertise their product or service online, all cybercriminals have to do is create a fake organization. Then they inject malicious ads into legitimate ad networks, a practice called malvertising.


But get this. Unlike email spam, you don’t even have to click on a malicious ad for it to deliver its payload. All it needs to do is display on the page you’re browsing. From there it exploits your system for vulnerabilities and delivers malware.


Botnet Activity in Online Ads


What’s worse, malicious ads are perfect conduits for botnet activity. In this way, your ordinary internet-connected device can be turned into a zombie machine, which then becomes part of a zombie army that’s put up for rent on the black market!


Other threat actors pay to rent these botnet herds on the dark web to deploy a host of campaigns, including distributed denial-of-service attacks (DDoS) and automated ransomware attacks. Vulnerable to cyber extortion, organizations everywhere are at continued risk of losing millions of dollars worth of data and assets.


Why Malvertising Works


Threat actors love using malicious ads because their campaigns can wreak havoc without being detected and without leaving a trace. Here are just a few reasons why:


  • Any reputable website and legitimate ad network can fall victim to displaying malicious ads and unknowingly put you at risk. And because they often display ads using third-party vendors or software, they sometimes don’t examine the ads they’re hosting.
  • Most major ad networks can’t possibly analyze each banner and redirect, because of—you guessed it—the sheer volume.
  • Attackers can infect devices and networks without compromising the websites hosting these malicious ads. In other words, your favourite sports news site will not be alerted when a malicious ad on that site targets you and delivers its payload. Things on their end—and yours—will continue to run smoothly.
  • Ads have a high turnover and sites have high traffic, making it a real challenge to track them down and determine who’s been affected.
  • As already mentioned, malicious ads don’t even need to be clicked to work! They can auto-redirect users to a malicious site or infect via embedded scripts, drive-by downloads, and browser hijacking.
  • Online advertising has become increasingly smart. Since even legitimate ads use algorithms to target your interests and tastes, malicious ads can do the same! By blending in with content you’re interested in, it increases the likelihood that you’ll interact with it. Native ads are also designed to blend in with the platforms hosting them. Their appearance and content match the websites you’re browsing. In short, as online ads become more sophisticated, attackers can use that sophistication to their advantage also.


The Importance of Protecting Your Business


Unfortunately, most of us underestimate our risk and vulnerability to cyber attacks, whether they be in the form of malicious ads or otherwise. In fact, cybersecurity issues are becoming so complex, large-scale, and ominous that the Government of Canada recently published a National Cyber Threat Assessment 2018 to raise awareness.


“We assess that cybercriminals are—and will continue to be—the greatest cyber threat facing businesses of all sizes in 2019,” the Canadian Centre for Cyber Security stated on page 17 of the report. These cyber threats come in many forms, of course. Malvertising’s just one of them, but considering the pace at which this method is growing, you can’t afford to dismiss it.


So what can you do?


As we’ve recommended in a previous post, to protect your business or organization from malicious ad campaigns you can start by filtering out all major ad networks to reduce exposure. After all, ads serve no purpose in a corporate setting.


Unfortunately, though, ad-blocking software is helpful only to a point: it stops threats that are already known, but it will not catch new or evolved threats! So, while you shouldn’t neglect to take these baseline precautions, there’s no better time than now to consider advanced threat detection services and continuous monitoring.


What Is Continuous Monitoring?


Continuous monitoring allows you to have a team of experienced incident responders and security professionals at your side in real time, combining


  • extensive threat intelligence applied specifically to your unique threat landscape,
  • proactive threat hunting that stops even the most sophisticated attacks before they happen, and
  • exceptional digital forensics, investigation, and analysis.


Discover how ElevatedPrompt Cybersecurity Solutions can protect you with first-rate customized service—so that you can focus on doing business.