Hackers use malvertising, also known as malicious advertising, to insert malicious code into online advertisements to spread malware on a company’s website. Cybercriminals purchase ad space on reliable websites so that their advertisements appear legitimate. Yet these advertisements contain malicious code that redirects users to a landing page that installs malware or installs viruses or phishing software. It is estimated that 1 in every 200 online ads is malicious.
How malvertising works
Users who click on the advertisements with malicious code are directed to a server that exploits the vulnerability of a user’s machine. Once the device is compromised, malware is installed by bypassing security systems and can open the door for viruses or spyware to enter a user’s computer system. These attacks often occur without the user’s knowledge or any interaction with the code. Malvertising first began by tricking users into clicking banner ads by saying their device had already been compromised. Now, it is not necessary to click on the ad for it to run an exploit kit. An exploit kit is a type of malware that determines the vulnerability of a computer or device and then exploits it. It helps malicious code bypass security systems while also allowing malware to gain full access to a computer or device.
Why is malvertising important
Legitimate websites are not even aware that they are supplying malicious content. Many popular and well-known websites have been targeted by malvertising because it is hard to catch as users do not need to click on the ads; people can become a victim of malvertising by simply visiting a site with a malicious ad. Malvertising poses a threat especially to healthcare providers, as this technique has been used to inject malicious code in Covid-19 related advertisements.
Comparing malvertising vs adware
Malvertising can be confused with adware, but there are some key differences between the two. The most significant difference is that malvertising does not generate direct profits for cybercriminals. However, it creates a loophole for cybercriminals to make money through other methods like ransomware or spyware. On the other hand, cybercriminals directly profit from adware by generating and driving unauthorized traffic. Unlike malvertising, adware is presented through the operating system and constantly runs on a user’s device. Adware is often placed into software that is part of a download package. It sends targeted ads to a user and makes money on the number of clicks from each user.
How to prevent malvertising
Healthcare providers can prevent data breaches and HIPAA violations from malware attacks by having solid cybersecurity protection, including email security. Paubox Email Suite Plus, our HITRUST CSF certified email encryption solution, is revolutionizing how healthcare providers protect themselves against cyberattacks. Our inbound email security blocks adware, spam , malware, and other threats from reaching the inbox. It includes ExecProtect, our patented feature that combats display name spoofing . It also enables HIPAA compliant email by default, sent from your existing email client (such as Google Workspace or Microsoft 365 ).
SEE RELATED : The Complete Guide to HIPAA Violations