Ads on safe websites are safe to click on, right?
Yes, even ads on websites as trusted as YouTube can lead to malware infection.
In fact, Ads on ANY website can deliver malware to your PC. which can spread to your business network.
Cyber criminals don’t manage this by hacking into trusted websites. The ads themselves are delivered via a third party content network. This means the ads are loaded inside the webpage from an external network that is not part of the website. Therefore a cyber criminal only has to infect one ad delivered by one ad network (ideally the most intriguing one with an eye catching picture) in order to get you to infect your PC with malware, when you thought your were safe.
This is known as “malvertising” and it catches users out by compromising them where they think they are safe.
Be careful of ads on websites! Don’t click if it’s just because of your curiosity!
Highly trafficked websites outsource the ad content on their pages to a large number of third party ad networks. Many of these are well known, like Google and Amazon, but there are also many other third party ad content providers who are much smaller. When you visit a website, you’re actually connecting to more than just one URL – as that site usually needs to pull content from multiple other sites too. Perhaps surprisingly, this can number in the dozens as pop-ups, pop-overs, videos, call to action buttons, tracking code and script needs to load from external sites.
The more curious it makes you, the more you should avoid it. Cyber criminals are targeting specific organisations, so if you see a highly intriguing ad that seems to be talking specifically about your business, then it should be avoided.
An article from Wired explained that:
“An attacker looking to compromise certain high value victims can emplace malicious ads configured to appear in front of attorneys, scientists or other individuals who might be keyword-searching hotel rates at sensitive industry conferences or other gatherings. As the fight against phishing has taught us, if you use familiar and comfortable jargon, geography and other nuances in your socially-engineered attack, you are much more likely to hit the target.”
What could happen if you unintentionally install malware?
Malware can do pretty much anything on your PC, and it can spread around your business.
You won’t necessarily know that you’ve been infected with it. It can sit in the background, monitoring communications and collecting information to be used in a later cyber attack (e.g. an over the phone vishing attack/CEO fraud), or it could sit there encrypting all of your files to later present you with a demand for ransom.