Your business operates in a very different space to a few decades back. Before, everyone threw around ideas for cold calls and advertising gimmicks at in-person meetings. Today, business owners and employees are more likely to swap messages online, leverage artificial intelligence, and look up terms like “malvertising” as your business keeps up.
Cyberattacks are also a reality, and it's no longer just about phishing or passwords. One threat to businesses emerged in the late 2000s but has gained traction–malvertisements.
What Your Business Should Know About Malvertising
“Mal” advertising isn’t much of a mystery. Attackers place malware onto desktops and mobile devices to steal from or damage databases. Unfortunately, the results can be catastrophic for your brand’s reputation, especially if these attackers manage to leak employees’ and customers’ personal data.
Malvertising happens via two major platforms: fake sites and real ones.
Malvertisements Via Malicious Websites
Attackers make faux website pages to mirror official ones. The aim is to make searchers slip up and use this illegitimate site.
According to Rapid7’s cybersecurity researchers, this is frequently happening to Windows administrators as the attackers impersonate Putty and WinSCP (two commonly used Windows utilities). The devil is in the details, since these hackers are relying on searchers misspelling names to land on these phony websites.
Searching “puuty.org” instead of “putty.org” or typing in “vvinscp.net” rather than “winscp.net” places the matching (misspelled) website URL as the first search result. The fake site pops up, admins click on it because they’re in a rush or sloppy, and they don’t notice the mistake until malware infiltrates your business.
Malvertisements Via Faux Ads on Legitimate Sites
Alongside a malicious website, malvertising takes the form of malicious ads on legitimate websites.
Hackers are more creative with these malvertisements, placing malware into your legitimate company pages where even cautious users can fall victim to them. In this way, they breach your third-party server by placing harmful codes into:
- Display ads.
- Banners.
- Videos.
- Other clickable ad copy.
Once clicked on, the malvertising campaign ad installs malicious software into the device or redirects them to a fake website where advanced attacks destroy files, copy sensitive data, and monitor activity.
How Business Owners Can Tell That a Malvertisement is in Play
Can you protect yourself and your employees from harmful sites and ads that threaten personal information? Yes. Recognize these signs of malvertising:
- Misspelled URLs or ad copies.
- Unprofessional or slapdash page layouts.
- Tempting ads with unrealistic promises.
- Deals that are too good to be true.
Resisting Malware at Work Requires the Right Tools
As a publisher, your business can protect its website visitors. Start by choosing third-party ad networks carefully and scanning for codes or malware before uploading ads to your site. Trusted cybersecurity teams can also help your business by making recommendations based on recent ad activity.
Your business's cybersecurity is only as strong as its weakest link–that one employee clicking a malicious ad. Update extensions, software, and web browsers with antivirus software and encourage safe searching online. The less malvertising risk your company faces, the more peace of mind you’ll have going forward.
