For the third consecutive year, Hill Tech Solutions has been named one of the world's premier managed services providers on the prestigious Channel Futures NextGen 101 list!

Need IT Support?
WE CAN HELP!

Malvertising: A New Path for Hackers

Share This Post

Much of the focus in the cybersecurity arena over the past few years has been on email as a point of entry, and with good reason. Both ransomware attacks and the phishing attempts that make many of them possible are on the rise, threatening organizations of all sizes. Training team members to recognize these attempts is vital.

But there are other avenues for hackers, and one involves nothing more than a simple Google search. Welcome to malvertising. While not new, malvertising is on the rise, and the bad guys are getting better at it. Let’s take a look.

Malvertising can be as simple as phony – and malicious – ads that appear as sponsored content in a Google search, or can be a more complex scheme targeting employees of a given organization. In one example, Lowe’s team members were targeted using ads that appeared to direct them to an employee portal but actually linked to a phishing page complete with the company’s logo. Slack, the business communications tool, was another high-profile target.

Malicious ads can also appear on trusted websites as hackers find their way in through the advertising brokers that place these ads.

While Google and its search competitors make every effort to make sure advertisers are legitimate, there are simply too many to keep some bad apples from sneaking through. Last fall saw a jump of more than 40% in malvertising, according to one online security firm, and the fake ads and phishing pages they link to are getting more and more realistic.

What to do?

First, make your employees aware that malvertising is an issue, and what they should look for. Before clicking on any sponsored link, hover over the link and look carefully at the destination URL (and we mean carefully: the URL that fooled many Lowe’s employees was myloveslife.net).

Avoid clicking phone numbers in ads. It’s very convenient, but there’s no way to tell whether you’re connecting with the actual advertiser or with a cyberthief.

Finally, keep your browsers up to date. This can help prevent so-called drive-by downloads, where a page can download malicious code to your device even if you don’t click on any links.

There’s no perfect solution to avoid malvertising completely, but practicing good digital hygiene and looking before you click will help reduce your chances of becoming a victim.

Questions about cybersecurity? Contact Hill Tech Solutions.

More To Explore

Hill Tech's Technology Insights

Manufacturing and CMMC 2.0

Hill Tech Solutions’ Principal Consultant, Ron Hill, CISSP spoke at the RAMP (Regional Additive Manufacturers Partners) MD symposium in Harford County, MD, about the coming

Hill Tech's Technology Insights

Time to Say Goodbye to P@$$w0rds Like This?

Just in time for National Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has updated its password security guidelines in a way