Ad Malware Prevention

Advertising is a vital revenue stream for digital companies. Unfortunately, it is also a primary way in which cybercriminals target both your website and your customers for financial gain. Hackers employ adverts in two fundamental ways to attack your websites and customers: malvertising and ad malware.

Both forms of advert-based attacks are problematic for online businesses and organizations. If your revenue stream comes from advertising, in part or in full, then you need to prevent criminals from using your site and ad space to steal revenue. Even if you are not tied to ad revenue streams, unwanted ads or malicious programs can alter your website experience for effected customers, leading to frustrating customer journeys, lost revenue opportunities and possible brand damage – and this likely happens without your knowledge or control because the attacks occur on your clients’ devices.

Read our guide to malicious ad injection prevention

What is ad malware?

Ad malware is a piece of ad software (adware) that comes with malicious software. Adware is not in itself malware but can be highly manipulative and create a delivery mechanism for malicious programs. Tens of millions of users browse with adware, many unknowingly. Some users will choose to download adware to get personalized ads tailored to their wants and needs or to obtain free programs or mobile apps that accompany the adware. Ad malware displays deceptive ads, flashing pop-up windows and large banners to your website customer experience.

How malvertising works

The online advertising industry is a complex web of stakeholders between publishers — the websites you visit — and an obscure world of advertising machinery, including ad exchanges, ad networks and ad servers. Within this world are many opportunities for a hacker to inject malicious code. Here is one example:

1// A cybercriminal buys ad space on a website or from an ad network

2// The criminal supplies an infected ad to be displayed in the space they purchased

3// That malvertising attack happens when the ad is clicked or when the user simply visits the site as many ads can attack without requiring a click

The difference between malvertising and adware

The primary difference between malvertising and adware can be boiled down to the source of the attack. Ad malware sits on customer devices and causes your customers to experience ads you have not served. On the other hand, malvertising ads are hosted on legitimate websites — there is no need for the malvertising attacker to pre-infect your device before you are shown a malicious ad.

How ad malware and malvertising impacts your customers

Ad-based attacks can damage your revenue stream, customer retention and brand. It may also create a data breach due to loss of customer data.

Ad malware displays deceptive ads, flashing pop-up windows and large banners to your website visitors. Not only does this distract your customers, but also potentially damages your customers’ perception of your brand. The ads may also entice your customers to click on rogue adverts, disrupting engagements and reducing conversions. Ad malware can furthermore be used by hackers to collect browser data without user permission. User data can be utilized to serve more personalized ads to drive higher click-through rates and more effectively draw your customers away from your site. Even worse, ad malware with JavaScript may be programmed to siphon login, payment or PII data to be used in subsequent attacks or sold on the black market.

Read our blog on the impact of ad injection on ecommerce

Not knowing is a big part of the problem

One of the biggest problems with ad malware is that you do not know that it is happening. Security tools, typically in place on the server side, focus on detecting and preventing attacks that target the server side of the website. For instance, web application firewalls are used by most organizations to monitor and detect malicious traffic sent to the website domain. Malware from ads is planted on the client side, however, after the web page has loaded which leaves in-place tools such as web application firewalls blind to the attack. Firewalls cannot detect or prevent the ad malware infiltration from happening, nor can it stop the malware from displaying ads or stealing data.

If you are not aware that ad-based attacks due to ad malware or malvertising is happening, then it is very hard to address the problem.

Preventing ad malware

It is very difficult to prevent client-side injection of malware into your website. You can, however, prevent any malware from being able to load unwanted content from the Internet, such as malicious ads or code, or siphon sensitive data off to criminal sites (web skimming).

Ad malware attacks that target your customer experience and sensitive customer data can be prevented by implementing client-side web security to manage incoming and outgoing requests. By taking this approach, you can prevent the ability for your website to load or display content from unauthorized network locations other than those which you explicitly approve. If malware is planted in your website, you can also stop theft of PII and login data by restricting the browser to send data only to authorized sites.

The Ensighten platform allows organizations to activate client-side web security across visitor browser sessions, ensuring that incoming and outgoing browser requests involve only authorized entities.