Over the past months, the BBC, the New York Times, and other major news and commercial websites became victims of Malvertising attacks. DOROS HADJIZENONOS, Country Manager of Check Point South Africa explains.
One of the most prominent ways malware spreads is by infecting websites and delivering drive-by attacks. When a user visits an infected site an exploit kit is activated. Once activated, the kit checks to see if the machine is vulnerable to one or more of the exploits it contains. If so, it leverages the vulnerability to install malicious software on the user’s device. Since this is a common threat, most websites harden their systems to protect themselves and their visitors from infection.
However, hackers can avoid the need to infect a well-guarded website by infecting the servers that supply advertisements to them instead. This form of attack is called Malvertising and is extremely effective for attackers who wish to reach a broad audience with their malware. The more popular the website, the larger the impact will be.
A Growing Trend
Malvertising is not a new form of an attack, but it has become headline news after several recent occurrences. At the beginning of March, a large Malvertising campaign targeting Baidu’s advertising platform was revealed. Despite having started in October 2015, this campaign’s evasive and elaborate nature enabled it to remain undercover and impact countless users in China for over four months. Two weeks later, several major news sites, including the BBC and New York Times, were hit with a Malvertising campaign. Visitors to these sites were targeted by a ransomware variant, similar to the infamous Cryptolocker attack, served by the Angler exploit kit. The attackers did not stop after the campaign was finally exposed.
They simply changed tactics to target videos as their Malvertising platform, instead of infecting users as they previously had through web banners. The campaign continued successfully targeting the Fox News website, among others.
Another recent Malvertising campaign targeted Australian users with an even more complex attack flow. First, they infiltrated a law firm’s website. Then they created fake advertisements containing the firm’s logo and published them on the Gumtree website, a subsidiary of eBay, which receives 48 million visitors a month. The attackers were able to stay hidden by altering the supplied ads, switching between benign and malicious ones, making it harder for security vendors to identify them.
It is interesting to notice that hackers often attack suppliers who work with the main websites, rather than attacking the sites themselves. Often times, leveraging an attack through a supplier proves an easier path to success than a direct attack on the intended victim. We have seen this pattern with several Malvertising attacks. The same approach was used in the infamous Target hack, in which the attackers infiltrated Target’s network by compromising the network of Target’s suppliers first.
For this reason, we believe that the Malvertising trend will continue to impact major sites and users worldwide. In order to mitigate it, Ad servers must enhance their security measures and ensure the content they supply is legitimate.
How Can You Protect Your Organisation?
What we have learned from recent Malvertising attacks is that education and awareness about these threats are not enough to stay protected. Even the standard security measures that already exist in most organisations are only capable of preventing known threats and are not capable of countering the advanced, continuously evolving tactics of today’s cybercriminals.
Organisations that wish to stay fully protected must elevate their threat prevention strategies and protect themselves, not only from known threats, but also against unknown malware and zero-day threats, like Malvertising. To address this challenge, Check Point offers SandBlast Zero-Day Protection; the most advanced solution to protect against these new and unknown malware and advanced threats.
As selfie cameras rise, so must selfie etiquette
Selfies were once a sign of narcissism or self-obsession. Now they are the new normal, writes ARTHUR GOLDSTUCK.
You can blame Oxford Dictionaries for making the “selfie” respectable. After all, being named Word of the Year, as it was in 2013, does tend to soften some of the self-consciousness in this most self-conscious of actions.
Once seen as a symbol of narcissism and self-obsession, it is now the new normal, to the extent that most smartphones are sold on the basis of the front camera. Or, as that feature is now almost universally named by manufacturers, the “selfie camera”.
I was one of the hold-outs, having a near-allergy to the selfie. I still resist, but succumb more often than I would like. The reason for continued resistance is that it remains a big leap from the word becoming respectable to the action itself shedding its narcissistic image.
For most, it’s already happened, and for that you can blame Ellen DeGeneres. She choreographed the most famous group selfie yet at the 2014 Oscars, when she roped a bunch of actors into a group selfie, using the then-new Samsung Galaxy S5 smartphone. Her tweet of the photo became what was then the most retweeted posting ever on Twitter, and was estimated to have been worth a million dollars in marketing value to Samsung.
Ironically, it was Samsung’s up-and-coming challenger, Huawei, that came up with a new word for this type of selfie: the “groufie”. Thanks to an 8 Megapixel front camera on the new Huawei Ascend P7 camera that year which took the highest quality selfies – and groufies – possible on a smartphone at the time.
It didn’t end there, and selfies and groufies have morphed into variations like selfscapes (selfie in a landscape), skyfies (selfies from the air, using remote controlled devices) and jerkies (selfies to make an idiot out of yourself). I invented all of those on the fly, so it’s easy to imagine a new word emerging for every type of selfie.
Continue reading about selfie improvements through the years.
Mickey’s 90th for SA
Disney Africa announced the local launch of the Mickey the True Original campaign, joining the global festivities honouring 9 decades of Mickey Mouse, his heritage, personality and status as a pop-culture icon.
As 18 November 2018 marks 90 years since his first appearance in Steamboat Willie in November 1928, a series of world-wide celebrations will be taking place this year and South Africa is no different.
The campaign will come to life with engaging content and events that embrace Mickey’s impact on the past, present and future. The local festivities kick off in earnest this month, leading up to Mickey’s 90th anniversary on 18 November 2018 and beyond:
- An exclusive local design project where ten highly talented South African artists will apply their own inspiration and artistic interpretation on 6-foot Mickey Mouse statues.
- Once revealed to the public, the statues will form part of the Mickey the True Original South African Exhibition, inspired by Mickey’s status as a ‘true original’ and his global impact on popular culture. The exhibition will travel to 3 cities and delight fans and families alike as they journey with Mickey over the years. Featuring 4 sections highlighting Mickey’s innovation, his evolution, influence on fashion and also pop culture, the exhibition is in collaboration with Samsung and Edgars, and will visit:
o Sandton City, Centre Court: 28 September – 14 October
o Gateway Theatre of Shopping, Expo Explore Court: 19 October – 11 November
o Canal Walk Shopping Centre. Centre Court: 16 November – 26 November
- Samsung continues their collaboration with Disney as they honour Mickey’s 90th anniversary nationally at all Samsung and Edgars Stores. Entitled Unlocking the Imagination, fans are encouraged to visit these stores, take a selfie with a giant Mickey plush toy using their Samsung Galaxy Note9 and stand a chance to win not only a giant Mickey plush, but also an international family trip. Visit www.Samsung.com for more information
- Mickey’s 90th Spectacular, a two-hour prime-time special, will be screened on M-Net 101 later this year. The elegant affair will feature star-studded musical performances, moving tributes and never-before-seen short films. Superstars from music, film and television will join the birthday fun for the internationally beloved character.
- In addition, look out for special programming on Mickey’s birthday (18 November) across Disney Channel (DStv, Channel 303), Disney XD (DStv, Channel 304) and Disney Junior (DStv, Channel 309).
- In retailers, Edgars will be stocking a complete collection of trendy fashion, accessories and footwear for the whole family, inspired entirely by Mickey Mouse.
- Mickey will be the central theme of an in-store campaign nationwide this November and December, with brand new products, apparel, toys, as well as titles from Disney Publishing Worldwide, including books, arts & crafts and comics
- Discovery Vitality and Disney are celebrating healthy, happy families this festive season by offering helpful and exciting tips and tricks on how to eat nutritious, yet delicious, foods, all inspired by Mickey. There’s also a trip to Disneyland Paris up for grabs. Log on to www.discovery.co.za/vitality for information.
- And much more – check the press for updates
“Binding generations together more than any other animated character, Mickey Mouse is the “True Original” who reminds people of all ages of the benefits of laughter, optimism and hope,” says Christine Service, Senior Vice President and Country Manager of The Walt Disney Company Africa. “With his universal appeal and ability to emotionally connect with generations all over the world, no other character quite occupies a similar space in the hearts and minds of a global fan base and we are thrilled to be sharing these local festivities.”
Mickey’s birthday is celebrated in honour of the release of his first theatrical film, Steamboat Willie, on 18th November 1928, at the Colony Theatre in New York City. Since then, he has starred in more than 100 cartoons and can currently be seen on Disney Channel (DStv, Channel 303) in the Mickey Mouse cartoon series and on Disney Junior (DStv, Channel 309) in Mickey and the Roadster Racers.
South African fans are encouraged to share their Mickey Mouse moments on social media using the hashtag#Mickey90Africa.