Malicious Advertising Infects News, Entertainment Websites | eWeek

Malicious Advertising Infects News, Entertainment Websites

malware and bromide
Écrit par
Nathan Eddy
Nathan Eddy
Jul 31, 2015
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

More than 50 percent of malicious advertising (malvertising) is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months, and the growth of ransomware families has doubled each year since 2013, according to Bromium’s latest exploitation trends report.

More than 58 percent of online advertisements with hidden malware were delivered through news websites (32 percent) and entertainment websites (26 percent); notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.

“Malvertising is a tough challenge for both enterprises and Internet users, primarily because attackers are injecting malicious ads on legitimate popular websites,” Rahul Kashyap, chief security architect and senior vice president of security and solutions engineering at Bromium, told eWEEK. “In the past, ad-blocking technologies have been used to block online advertisements altogether, but with increasing proliferation of online advertising, it’s important for online advertisers to step up their game and improve the integrity of online ads, the responsibility needs to be shared.”

During the first six months of 2015, Flash experienced eight exploits, an increase of 60 percent since 2014, when there were five exploits.

Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.

Kashyap noted the emergence of HTML5 and frequent exploitation used for several malware campaigns is likely to challenge the future of Flash.

In the first six months of 2015, nine new ransomware families emerged, including CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX.

This represents an 80 percent increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families, Cryptolocker and Crytowall.

“In the first six months of 2015, malware authors focused on Flash and browser exploits to infect victims, but attackers are continuing to recalibrate attack vectors and tactics,” Kashyap said. “The common denominator continues to be the targeting of end users with the ‘classic’ spear phishing emails or drive-by downloads. It’s unlikely this infection ‘strategy’ is going to dramatically change, and we can definitely expect more evasive malware.”

He also noted that in many cases, zero day exploits are not needed to launch malware as enterprises are slow to adopt and they have operational challenges in taking new codebase, and cyber criminals thrive on this.

“To sum it up –expect more of the same. It’s working quite well from the attackers’ viewpoint,” he said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.