Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded...
Transcript of Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded...
![Page 1: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/1.jpg)
How to Avoid Malvertising Leading to Phishing and Other Problems
Gene Gusman, Experian Marketing Services
![Page 2: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/2.jpg)
Agenda
n What is Malvertising? n What forms does it take? n What damage can it cause? n What should responsible companies do to
minimize the risk? n What to do when there is a malvertising event? n What is the future of malvertising?
![Page 3: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/3.jpg)
What is Malvertising? n Malicious Software (Malware) + Advertising n Spreads malware through digital ads n Malicious ads injected on legitimate sites n Malicious ads sent via email n Malware placed on visitor’s computer
![Page 4: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/4.jpg)
What is Malvertising? n Malware
n Steals/Destroys info n Compromises/Disrupts systems n Uses systems anonymously to attack others
LEVERAGES n Advertising
n Broad exposure of advertising n Sophisticated targeting technology
![Page 5: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/5.jpg)
In the Beginning … n 2007 – first recorded sighting of malvertising -
based on a vulnerability in Adobe Flash (a product that continues to have vulnerabilities today)
n 2009 NY Times hit by malvertising – a pop-up posing as an anti-virus scanner.
![Page 6: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/6.jpg)
What forms does it take? n Paid Ads on Ad Networks n Paid Ads using Google AdWords n Drive-by downloads n Hidden iframes n Pop-up ads for deceptive downloads n Pop-under ads (ad window behind the main window) n Fake cancel buttons n Malicious banners on websites n Phishing
![Page 7: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/7.jpg)
How does it work?
![Page 8: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/8.jpg)
How does it work? n Cybercriminals sign up to ad network n Warm their reputation with good ads n Upload malicious ads n Site visitor unknowingly receives malware
n Various techniques such as hidden iFrames – redirect to exploit site
n Landing page code finds vulnerabilities and installs malware
n Bad things happen n Data stolen/destroyed n Use target for bot attacks n Phishing
![Page 9: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/9.jpg)
Trojan Rabbits
![Page 10: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/10.jpg)
Worms
![Page 11: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/11.jpg)
Rootkits
![Page 12: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/12.jpg)
Ransomware
![Page 13: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/13.jpg)
What are the types of malware?
n Trojan – tricks users into running it n Worm – spreads through replication n Rootkits – allows hidden functionality / backdoor n Ransomware – demands payment to unlock
system/files
![Page 14: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/14.jpg)
What damage can it cause? n Email attacks such as Phishing from infected machine n Loss of information n Loss of system access n Corruption of data n Stolen information n Compromise of security credentials n Loss of funds from bank accounts n Use of company servers to attack other targets n System/Data held at ransom n Damage to brand
![Page 15: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/15.jpg)
Ransomware – Voted most popular
n “According to the FBI, ransomware attackers collected more than $209 million in ransom during the first three months of 2016 alone, with the volume of attacks 10 times higher than all of 2015. …
n Most ransomware spreads through phishing email, though mobile devices and infected websites are also vectors”
(from the Proofpoint Ransomware Survival Guide)
![Page 16: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/16.jpg)
Why has Ransomware Increased?
n Low cost to implement n More channels for distribution n Targets can be willing and able to pay large
ransoms n Collection is easy via Bitcoin or other digital
currency.
![Page 17: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/17.jpg)
What should responsible companies do to minimize the risk of malvertising?
![Page 18: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/18.jpg)
Protect clients and their subscribers
n Protect clients from Phishing against their subscribers n Scan all attachments or simply do not permit them n Scan entire email content for dangerous URLs, script,
images. n Check all domains in the email, including the header if
you allow your clients to change any field other than friendly from
n Have them use DMARC with a policy of reject
n Design your systems/software with security in mind
![Page 19: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/19.jpg)
Protect Against Inbound Attacks
n Use email, mobile and social media security software n anti-virus , anti-malware software, etc. n Not foolproof, esp. for new/zero-day attacks
n Adjust browser/plug-in settings n Create regular backups n Run regular backup and restore drills n Maintain up to date software: OS, security
software and patches
![Page 20: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/20.jpg)
Protect Against Inbound Attacks n Train employees about social engineering attacks
n What not to do n How to recognize phishing, malware, ransomware, etc.
n What to do n Disconnect your computer from the network (wired AND
wireless) n Report attack immediately to the security team
n Ongoing n Refresher courses n New employees – part of staff onboarding
![Page 21: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/21.jpg)
Stay Informed n Participate in industry events n Join industry coalitions n Educate staff (internally or 3rd party programs)
![Page 22: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/22.jpg)
What to do when there is a malvertising event?
n Analyze – automate data collection/analysis n Contain – automate quarantine/containment n Eradicate – remove and clean systems n Recover – from backups
![Page 23: Panel 4 -- How to Avoid Malvertising Leading to Phishing ... 4... · 2007 – first recorded sighting of malvertising - based on a vulnerability in Adobe Flash (a product that continues](https://reader033.fdocuments.in/reader033/viewer/2022042920/5f6730034fd8981ba60e28db/html5/thumbnails/23.jpg)
What is the Future of Malvertising?
n Advances in security systems n Personalization – good for marketers – good for
criminals n Use of Artificial Intelligence for attacks and
defense