Hackers turn to malvertising to revive exploit kits

While the issue of malicious advertisements has been an occasional topic on the cyber space, neither IT experts nor ordinary netizens regarded malvertising as a serious threat to cyber security and online privacy. However, they will be forced to reconsider its importance as 2016 saw a 132% hike^[1] in malvertising. These numbers suggest a much troublesome menace – the revival of exploit kits.

Malvertising…how does it work actually?

As the entire world computer virus is diverse and ever-evolving, there are multiple malvertising techniques as well. Most dominating are Pseudo-darkleech and EITest.^[2] The former specializes in detecting management system vulnerabilities and then inserting redirection scripts into selected web pages. Likewise, upon visiting such domain, a user is immediately misled to the website harboring Angler exploit kit. The latter hacking tools may be familiar to those users who were interested in the transmission strategies of Cerber ransomware. Though this technique is still viable, luckily, IT cyber security forces were able to put an end to Angler exploit kit. Since then cyber criminals have been shuffling with RIG and Neutrino exploit kits.

Another dominant technique, EITest received attention after Spora 2.0 ransomware made its appearance. It hacked into computers with the help of “The “HoeflerText” was not found” notifications. In this case, particularly Chrome users have been targeted. After visiting a corrupted domain, the content was turned into an unreadable collection of source codes and numbers. In order to read the content, netizens were asked to “update” the extension. However, what would they “update” is none other than ransomware hijack process. Recently, its imitation, “The ArialText font was not found,” has been detected online.

Future prospects of malvertising

One of the recent samples is RoughTed malvertising strategy.^[3] The key problem is that hundred of publishers, some even occupying high positions in popular website ranking, participate in the campaign. RoughTed technique particularly targets Amazon Content Delivery Network. The actors are known to develop crafty ways to cancel fingerprinting and ad-blocking services.

Observing current trends, cyber criminals manifest a clear tendency to revert to older hacking and cyber felony strategies. However, it does not mean that they ran out of ideas. Now hackers are not only pre-teen crooks looking for easy money: now they are highly educated software developers. Thus, since malvertising techniques are becoming craftier, ordinary users should also look for security holes on their devices and search tools. Keeping your anti-virus, system apps and browser up-to-date is not sufficient anymore. Attentiveness and rational thinking are powerful weapons as well.