Categories: NewsSecurity Tips

Malvertising targets old outdated software

Malvertising targets old outdated software. So, according to Confiant, using modern web browsers, ad blockers and keeping the operating system up to date with the security updates can prevent being infected.

Usually, threat actors target malvertising at specific web browsers and operating systems. For instance, those who push exploit kits show ads to Internet explorer users. This is because they target the browser’s vulnerabilities.

For instance, malvertisers pushing exploit kits will show ads to Internet Explorer users as they target the browser’s vulnerabilities. Also, ads pushing the Mac Shlayer Trojan will only show the ads to macOS users.

So, Confiant analyzed 378 million blocked malicious ads between Oct. 15, 2019 – Jan. 15, 2020. Thus, it illustrated how bad guys target companies and government agencies based on the browsers or operating systems.

Some agencies still use Internet Explorer

Microsoft releases new security updates, every month, on Patch Tuesday. This is how they fix , every time, new vulnerabilities in the outdated Internet Explorer browser. Usually, the vulnerabilities become targets of the exploit kits. Thus, these install ransomware, remote Trojans (RATs), password-stealing Trojans etc. Still, there are still organizations that use this browser and keep their networks vulnerable.

Alyia Stein, a Confiant security researcher, explained that, in fact, malvertisers usually target the technology, not the government agencies. It is the case of the United States Geological Survey and the United States Postal service. They both are heavily targeted by malvertising campaigns by Zirconium and Yosec.

According to the report, Macs are targeted even more. Also, outdated browsers remain a huge problem for the Fortune 100 companies. Here, Zirconium takes a huge market share of the malvertising campaigns. In the case of huge companies such as Home Depot, FedEx or Chevron, over 40% of the malvertising attacks come towards outdated browsers. So, specialists advise companies to move their employees towards modern browsers. Moreover, they explain that these provide a more secure auto-updating mechanism.

Jeopardized networks

Most malvertising redirect users to fake giveaways, tech support scams, and adult sites. But exploit kits could also use vulnerabilities to install malware. This would allow attackers to gain access to the networks. Thus, they can steal corporate secrets or compromise more devices. Eventually, they spread ransomware in the network.

Experts say that even when users update their browser and increase security, attackers switch to a different targeting method. In conclusion, the solution would be for organizations to use security software, ad blockers and improve their overall security.

“Updating browsers is important, but at the same time I think that the attackers will just use something else for targeting purposes,” Stein told BleepingComputer.

As malvertising targets old outdated software, government agencies and the enterprise should instead increase their overall security posture. Moreover, this can be done by using security software (even on Macs), web filtering services, ad blockers, and threat intelligence services

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

View Comments

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

2 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

2 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

2 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago