blog.barracuda.com
20.252.42.4  Public Scan

URL: https://blog.barracuda.com/2023/02/28/malvertising-makes-a-comeback/
Submission: On March 01 via api from TR — Scanned from GB

Text Content


MALVERTISING MAKES A COMEBACK

Feb. 28, 2023 | Kevin Williams

Malvertising is nothing new. But oftentimes for hackers, what’s old is new
again. “Cybersecurity is like a game of whack-a-mole, you punch one threat down,
and it pops up someplace else later,” says Max Jennings, a cybersecurity expert
in Chicago. Jennings explains that the cyclical nature of cybersecurity means
that once awareness is raised about a cyber danger, hackers will stop using it.


HOW OLD TRICKS BECOME NEW AGAIN

As the awareness of a cyberthreat fades over time, all “tool(s)” become
effective again for hackers. “And this is where we are with malvertising. It got
a lot of publicity several years ago and when people became aware of the danger,
hackers found it less effective, and it faded from the foreground. But here we
are again,” Jennings notes.

Spamhaus is reporting a massive spike in malvertising in the first month of
2023. Specifically, numerous malware families, including AuroraStealer, IcedID,
Meta Stealer, RedLine Stealer, and Vidar, are being delivered to victims’
machines by bad actors who use Google Ads to impersonate brands such as Adobe
Reader, Gimp, Microsoft Teams, OBS, Slack, and Thunderbird.

Spamhaus goes on to say: Victims were being lured with impersonator Thunderbird
Google Ads, leading to spoofed pages, which, once clicked on, delivered an
IcedID payload to the unwitting victim’s device.

“Some of these ads are so specific that you’d never expect them to be
malvertising,” Jennings warns.


BEST PRACTICES FOR MSPS

So, with all the other threats out there, what can MSPs do to stem the growing
threat from malvertising?

“Malvertising, unlike some other attacks, is very human-natured based, so
sometimes all the tech tools in the world can’t prevent problems, but that
doesn’t mean MSPs should not try,” Jennings advises.

Some data points to malvertising being a more significant issue on weekends and
holidays. While offices may be emptier on weekends, security is sometimes more
lax as well, so organizations must be sure to keep security on alert 24/7. Some
studies show as many as one out of every 100 ads carry a malicious payload.

“When you think of how many ads are out there, that’s a high number,” says
Jennings. “A lot of it is just bread-and-butter back to basics; however, user
training is also vital when it comes to combatting malvertising.”


STEPS TO PREVENTING MALVERTISEMENT ATTACKS

Ad blocking: “Just get rid of the ads, problem solved,” Jennings advises. This
won’t mitigate every kind of malvertising threat, but it gets rid of the vast
majority. But this isn’t possible in every business environment, he explains.
“Many businesses want the ads in their ecosystem to monitor consumer behavior
and competitor behavior.” Still, consider installing an ad blocker if your
client is in a business where serving ads is of no value.

Content Security Policy (CSP): A CSP can determine which domains can serve
content on your website. “What this does is prevents unauthorized scripts from
running, and that means users won’t unwittingly download malware,” Jennings
says. But many understaffed, overworked IT departments overlook this relatively
simple fix.
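
How such a policy decides which script hosts a browser will load, as an added example (not code from the article or from Barracuda): a simplified matcher for script-src with its default-src fallback, covering 'self', scheme sources and host sources with wildcards. It ignores ports, paths, nonces and hashes, and the policy, page and script URLs are constructed sample values.

```python
from urllib.parse import urlsplit

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored: the first occurrence wins
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def source_matches(src, page, script):
    """Simplified source-expression match (no ports, paths, nonces or hashes)."""
    host = script.hostname or ""
    if src == "'self'":
        return (script.scheme, script.netloc.lower()) == (page.scheme, page.netloc.lower())
    if src.startswith("'"):
        return False                      # 'none' and other keywords match no URL here
    if src.endswith(":"):
        return script.scheme == src[:-1]  # scheme source such as https:
    scheme, _, rest = src.rpartition("://")
    allowed = {scheme or page.scheme}     # a source without a scheme follows the page
    if "http" in allowed:
        allowed.add("https")              # an http source also admits https
    if script.scheme not in allowed:
        return False
    pattern = rest.split("/")[0].split(":")[0]
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # subdomains only, never the bare domain
    return host == pattern

def blocked_scripts(header, page_url, script_urls):
    """Return the script URLs that the policy would refuse to load."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return []                          # no directive restricts scripts
    page = urlsplit(page_url)
    return [u for u in script_urls
            if not any(source_matches(s, page, urlsplit(u)) for s in sources)]

# Constructed sample policy and URLs (assumptions, not taken from the article).
POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com *.trusted-ads.example"
PAGE = "https://www.example.com/"
SCRIPTS = ["https://www.example.com/app.js", "https://cdn.example.com/lib.js",
           "https://eu.trusted-ads.example/tag.js", "https://trusted-ads.example/tag.js",
           "https://cdn.example.com.lookalike.example/x.js", "http://cdn.example.com/lib.js"]

if __name__ == "__main__":
    for url in blocked_scripts(POLICY, PAGE, SCRIPTS):
        print("blocked:", url)
```
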

Security awareness training: As is often the case, the cheapest fix is the human
fix. “If people are aware that the threat is out there and you lead them through
some proper training, you’ll go a long, long way to eliminating the human
element,” Jennings suggests.

Themes to emphasize in training should include:

 * Ads should look professionally produced; if not, don’t click on them. (Of
   course, hackers are getting increasingly sophisticated in their profession,
   so the ads are looking more and more accurate.)
 * Don’t click on ads that have spelling errors; this is part of the
   “professionally produced” theme.
 * Don’t view ads that don’t correspond to your recent/typical search history. A
   user who has never viewed an advertisement for anti-baldness cream should
   consider such an ad suspicious.

Disable Flash and/or Java: Avoid using Flash and Java. There have been many
reported issues with both being used as entry points for malvertising attacks.
If you can get by without using them, then do so. “Some businesses can’t do
without Java or Flash, but if you can, then by eliminating that, you are
eliminating an entry point,” Jennings advises.

MSPs will never eliminate all the threats, Jennings warns, adding, “But what you
can do is tilt the odds in your favor and following these steps will greatly
reduce chances for a malvertising attack.”

This article originally appeared on SmarterMSP.com.

Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety
of publications including the Washington Post, New York Times, USA Today, Wall
Street Journal, National Geographic and others. He first wrote about the online
world in its nascent stages for the now defunct “Online Access” Magazine in the
mid-90s.
