Protect Against Malvertising with an Active Security Strategy

If you pay attention to the world of security you’ve probably heard about the upswing in a type of attack known as Malvertising.

If you pay attention to the world of security you’ve probably heard about the upswing in a type of attack known as Malvertising. Data Breach Today and Dark Reading recently featured articles on the subject. If you haven’t heard of it, Malvertising is the practice of inserting corrupted advertisements into trusted web sites, making them look just like any other ad that you may be enticed to click on.  If you do click, you are redirected to a hosting site that will deliver some type of malware directly to your device, which could be ransomware, a bot client, traditional virus, or anything that would be of use for the attacker.  Stopping this type of attack is more difficult than blocking traditional spam or email phishing attacks since the highly distributed nature of the Internet makes connections via advertisements to little-known or trusted domains very common.

Passive reliance on external parties such Google, ad vendors and agencies, industry groups, or government bodies isn’t the answer to solving this challenge. Malvertising isn’t going away. IT leaders need a solid strategy to deal with it by proactively identifying and blocking malicious ads as soon as they hit your network.

So what can you do?  Perhaps the most significant impact a security team can have on this problem is to start paying attention to the types of domains being accessed by all the devices on the networks.  DNS queries related to newly created domains, or those with low reputational scores should be disallowed by default, with exceptions made only after careful analysis.  The next action should be to ensure that only devices on your network that actually need access to external resources have that access.  For example, your IP-based security cameras probably don’t need to access an ad linked to eBay.  Those devices should be limited to accessing the resources they need to do their job and nothing more.  Finally, while you may not be able to prevent people from clicking on Malvertisements you should at least have the visibility into the actions of all devices on your network so that you can see when those devices start to exhibit changes in their behavior that may indicate some sort of compromise.  Visibility is the foundation of detection, and early detection has become the key to success in the new world of security.

To find out more about proactively protecting your enterprise from a range of security threats, click here.


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.