This article originally appeared in Information Security Buzz on August 28, 2019.
An international research team has discovered clickjacking scripts on 613 popular websites that are used for ad fraud or to redirect users to malicious websites. The research revealed some websites collude with third-party scripts to hijack user clicks for monetization. In particular, their analysis demonstrated that more than 36% of the 3,251 unique click interception URLs were related to online advertising, which is the primary monetization approach on the Web. Further, they discovered that users can be exposed to malicious contents such as scamware through click interceptions.
Pat Ciavolella, Digital Security And Operations Director , The Media Trust
Failure to take a more layered approach to security in today’s environment is nothing short of negligence. The rise of clickjacking in its various forms shows--if there was ever any doubt--that ad-supported websites’ war on malware is far from over. In fact, the battle is only intensifying, as malicious actors use new methods to conceal clickjacking scripts in advertising solutions used by legitimate sites. Make no mistake, mission is NOT accomplished—sophisticated malware incidents have doubled over the past two years, coinciding with online publications’ adoption of signature-based point solutions that can only stop known threats and can be easily avoided by many of today’s malware developers. Failure to take a more layered approach to security in today’s environment is nothing short of negligence. And, as we can see from recent headlines involving record fines on breached companies, data privacy regulators won’t shy away from handing down penalties to companies that have inadequate security measures.