Malicious ads make their way onto high profile news websites
A series of major news websites have seen adverts hijacked by a malicious campaign that attempts to install ransomware on users computers.
The adverts, predominately targeting sites in the US, may have exposed tens of thousands of people over the past 24 hours alone.
James Maude, senior security engineer at Avecto said this latest attack was further evidence that ransomware is becoming the cyber criminal’s weapon of choice:
“With a flurry of malvertising ransomware attacks originating from some of the largest and most popular websites, the topic of ransomware is on every security teams mind. It seems like every day brings new strains of ransomware and new attack vectors seen in the wild. With indiscriminate targeting of organizations, individuals and even hospitals these attacks are proving highly lucrative for cyber criminals. The recent appearance of ransomware on OS X is evidence of this success as the attackers seek to branch out into new platforms to increase their revenues.
“What is most concerning about these type of attacks is that most vendors can’t offer any solutions to the problem. Ransomware can evade detection, exploit Windows tools and simply exploit the user’s access to valuable data. To the home user this might be the family photos but to the enterprise this could be financial data or intellectual property stored on endpoints or shared locations. Many will tell you that backups are key to the fight against ransomware but this is more about resilience than security. A backup will not stop your data being accessed by an attacker, if they can encrypt files they can probably steal them as well. This is not an acceptable risk to take in the age of the data breach.
“Instead we need to look at proactive isolation of the attack vectors, if the web browser and content such as unknown Word documents are isolated from the user data then that data can never be encrypted. Not only can it not be encrypted but this isolated context makes it a lot easier to block payloads and scripts the malware drops to disk. If we move away from trying to detect the constantly evolving undetectable threats and control the common attack vectors though least privilege, whitelisting and sandbox isolation then we can not only handle todays threats but tomorrows as well.”