Malvertising isn't always about malicious advertising

Authored by Pat Ciavolella, Director of Digital Security and Operations.

Legitimate websites are a valuable prize for cybercriminals, and the abuse of these websites affects both their owners and the greater security of the global digital ecosystem. By compromising a legitimate website, cybercriminals take advantage of a brand’s good name to evade detection and reach as many targeted consumers as possible. What’s interesting is that advertising isn’t always the culprit for attacks on ad-supported websites.

Website security teams are on the alert

Compromised domains are websites that have been infected by malware. The malware infiltrates the website’s infrastructure via either a breach of admin privileges or an advertising/content delivery mechanism, and causes harm to consumers when they visit the website. The complexity of today’s programmatic landscape, built to efficiently target and deliver advertising/content to visitors, is fertile ground for cybercriminals, which is why many well-known publishers adopt malware blockers to stop the malicious activity before it renders on consumer devices. However, a frequently overlooked avenue is plugins, especially outdated WordPress plugins, whose exploitation peppers the news every few weeks. These kinds of compromises are often an indication of a serious breach in website security; this code is not delivered through an ad network and, therefore, evades malware blocking solutions.

It happens more often than you think. The Media Trust’s Digital Security & Operations team discovered three different attacks in the course of five days that affected more than 10 publishers and their digital partners—many of which used malware blocking solutions. What did these incidents have in common? You guessed it: compromised website code, not advertising. 

Comprehensive means ad tags and website

Many consumers and website owners lack awareness of the threat to their websites and of how to get assistance once their websites have been compromised. That’s why The Media Trust provides our customers with comprehensive website security, which requires real-time scanning and blocking.

When talking to our clients, three interesting advantages become apparent:

  1. 24/7/365 support: The Media Trust provides continuous scanning and operational support to most of the world's most visited websites, including Alexa 500 websites. Our malware experts manage more than 1,000 active malware events each day. Through inspection of thousands of websites (including landing pages), the team identifies malicious behavior as soon as it emerges. The team issues real-time alerts on these events and also feeds the malware data into our blocking solution (Media Filter) for the benefit of all clients.

  2. Flexibility: The Media Trust's Media Filter is extremely versatile, allowing quick changes and adaptations when necessary. Major compromised websites often do not stay compromised for long, especially when we alert the website owner to problems. Our continuous scanning allows us to detect when a previously compromised website is no longer infected. Once that is confirmed, the website is removed from our blocklist to ensure the website owner can resume operations.

  3. Malware attribution capability: As an additional layer of security and quality, malware data is manually analyzed by our Digital Security and Operations Team. Not only does this more in-depth analysis drastically minimize false positives, but it also enables the identification of the malicious code source. Using this information, the team works with the upstream partner responsible for allowing the malware to enter the digital ecosystem to ensure the campaign is terminated.