Over the past months, the BBC, the New York Times, and other major news and commercial websites became victims of Malvertising attacks. DOROS HADJIZENONOS, Country Manager of Check Point South Africa explains.
One of the most prominent ways malware spreads is by infecting websites and delivering drive-by attacks. When a user visits an infected site an exploit kit is activated. Once activated, the kit checks to see if the machine is vulnerable to one or more of the exploits it contains. If so, it leverages the vulnerability to install malicious software on the user’s device. Since this is a common threat, most websites harden their systems to protect themselves and their visitors from infection.
However, hackers can avoid the need to infect a well-guarded website by infecting the servers that supply advertisements to them instead. This form of attack is called Malvertising and is extremely effective for attackers who wish to reach a broad audience with their malware. The more popular the website, the larger the impact will be.
A Growing Trend
Malvertising is not a new form of an attack, but it has become headline news after several recent occurrences. At the beginning of March, a large Malvertising campaign targeting Baidu’s advertising platform was revealed. Despite having started in October 2015, this campaign’s evasive and elaborate nature enabled it to remain undercover and impact countless users in China for over four months. Two weeks later, several major news sites, including the BBC and New York Times, were hit with a Malvertising campaign. Visitors to these sites were targeted by a ransomware variant, similar to the infamous Cryptolocker attack, served by the Angler exploit kit. The attackers did not stop after the campaign was finally exposed.
They simply changed tactics to target videos as their Malvertising platform, instead of infecting users as they previously had through web banners. The campaign continued successfully targeting the Fox News website, among others.
Another recent Malvertising campaign targeted Australian users with an even more complex attack flow. First, they infiltrated a law firm’s website. Then they created fake advertisements containing the firm’s logo and published them on the Gumtree website, a subsidiary of eBay, which receives 48 million visitors a month. The attackers were able to stay hidden by altering the supplied ads, switching between benign and malicious ones, making it harder for security vendors to identify them.
It is interesting to notice that hackers often attack suppliers who work with the main websites, rather than attacking the sites themselves. Often times, leveraging an attack through a supplier proves an easier path to success than a direct attack on the intended victim. We have seen this pattern with several Malvertising attacks. The same approach was used in the infamous Target hack, in which the attackers infiltrated Target’s network by compromising the network of Target’s suppliers first.
For this reason, we believe that the Malvertising trend will continue to impact major sites and users worldwide. In order to mitigate it, Ad servers must enhance their security measures and ensure the content they supply is legitimate.
How Can You Protect Your Organisation?
What we have learned from recent Malvertising attacks is that education and awareness about these threats are not enough to stay protected. Even the standard security measures that already exist in most organisations are only capable of preventing known threats and are not capable of countering the advanced, continuously evolving tactics of today’s cybercriminals.
Organisations that wish to stay fully protected must elevate their threat prevention strategies and protect themselves, not only from known threats, but also against unknown malware and zero-day threats, like Malvertising. To address this challenge, Check Point offers SandBlast Zero-Day Protection; the most advanced solution to protect against these new and unknown malware and advanced threats.
Kenya tool to help companies prepare for emergencies
After its team members survived last week’s Nairobi terror attack, Ushahidi decided to release a new preparedness tool for free, writes its CEO, NAT MANNING
On Tuesday I woke up a bit before 7am in Berkeley, California where I live. I made some coffee and went over to my computer to start my work day. I checked my Slack and the news and quickly found out that there was an ongoing terrorist attack at 14 Riverside Complex in Nairobi, Kenya. The Ushahidi office is in Nairobi and about a third of our team is based there (the rest of us are spread across 10 other countries).
As I read the news, my heart plummeted, and I immediately asked the question, “is everyone on my team okay?”
Five years ago Al-Shabaab committed a similar attack at the Westgate Mall. We spent several tense hours figuring out if any of our team had been in the mall, and verifying that everyone was safe. We found out that one of our team member’s family was caught up in the attack. Luckily they made it out.
At Ushahidi we make software for crisis response, including tools to map disasters and election violence, and yet we felt helpless in the face of this attack. In the days following the Westgate attack, our team huddled and thought about what we could build that would help our team — and other teams — if we found ourselves in a similar situation to this attack again. We identified that when we first learned of the attack, nearly everyone at Ushahidi had spent that first precious few hours trying to answer the basic questions, “Is everyone okay?”, and if not, “Who needs help?”
People had ad-hoc used multiple channels such as WhatsApp, called, emailed, or texted. We had done this for each person at Ushahidi (their job), in our families, and important people in our community. Our process was unorganised, inefficient, repetitive, and frustrating.
And from this problem we created TenFour, a check in tool that makes it easier for teams to reach one another during times of crisis. It is a simple application that lets people send a message to their team via SMS, Slack, Voice, email, and in-app, and get a response. It also works for educational institutions, companies with distributed staff, as well as part of neighbourhood networks like neighbourhood watches.
This week when I woke up to the news of the attack at Riverside, I immediately opened up the TenFour app.
Click here to read how Nat quickly confirmed the safety of his team.
Kia multi-collision airbags
The world’s first multi-collision airbag system has been unveiled by Hyundai Motor Group subsidiary KIA Motors, with the aim of improving airbag performance in multi-collision accidents.
Multi-collision accidents are those in which the primary impact is followed by collisions with secondary objects, such as other vehicles, trees, or electrical posts, which occur in three out of every 10 accidents. Current airbag systems do not offer secondary protection when the initial impact is insufficient to cause them to deploy.
However, the multi-collision airbag system allows airbags to deploy effectively upon a secondary impact, by calibrating the status of the vehicle and the occupants.
The new technology detects occupants’ positions in the cabin following an initial collision. When occupants are forced into unusual positions, the effectiveness of existing safety technology may be compromised. Multi-collision airbag systems are designed to deploy even faster when initial safety systems may not be effective, providing additional safety when drivers and passengers are most vulnerable. By recalibrating the collision intensity required for deployment, the airbag system responds more promptly during the secondary impact, thereby improving the safety of multi-collision vehicle occupants.
“By improving airbag performance in multi-collision scenarios, we expect to significantly improve the safety of our drivers and passengers,” said Taesoo Chi, head of the Hyundai Motor Group’s Chassis Technology Centre. “We will continue our research on more diverse crash situations as part of our commitment to producing even safer vehicles that protect occupants and prevent injuries.”
According to statistics by the National Automotive Sampling System Crashworthiness Data System (NASS-CDS), an office of the National Highway Traffic Safety Administration (NHTSA) in USA, about 30% of 56,000 vehicle accidents from 2000 to 2012 in the North American region involved multi-collisions. The leading type of multi-collision accidents involved cars crossing over the centre line (30.8%), followed by collisions caused by a sudden stop at highway tollgates (13.5%), highway median strip collisions (8.0%), and sideswiping and collision with trees and electric poles (4.0%).
These multi-collision scenarios were analysed in multilateral ways to improve airbag performance and precision in secondary collisions. Once commercialised, the system will be implemented in future new KIA vehicles.