Malvertising In Cyber Security Training Ppt

Slide 2

This slide gives information about malvertising attacks. In a malvertising attack, harmful code is injected into legitimate online advertising networks, and the code usually redirects users to malicious websites.

Slide 3

This slide depicts the effect of malvertising on users. Malvertising may carry out attacks against users viewing the malvertisement without clicking it , with the display of unwanted advertisements, etc.

Slide 4

This slide discusses the harmful effects of malvertising. When people click on a malicious ad, malvertising may execute programs that infect a user's machine with malware or adware, and redirect the user to a malicious website, etc.

Slide 5

This slide depicts the effect of malvertising on publishers. Publishers are at risk of having their reputations tarnished, losing customers and revenue, and facing legal implications because of the damage caused to users who happen to visit their sites.

Slide 6

This slide discusses how malware is inserted into ads. Attackers employ the below given delivery methods to insert harmful malware into advertisements.

Instructor’s Notes:

• Malware in ad calls: Whenever a website shows a page with an advertisement, the ad exchange pushes adverts to the user via multiple third parties. An attacker compromises one of these third-party servers and add malicious code to the ad payload
• Malware in an ad creative: A text or banner ad may contain malware. For instance, HTML5 allows for the delivery of advertisements as a combination of images and JavaScript, which may have dangerous code. Ad networks that deliver ads in Flash (.swf) format are very vulnerable to this 
• Malware within a pixel: Pixels are pieces of code inserted in an ad or a landing page, which sends data to a server for tracking. A legitimate pixel only sends data. If an attacker intercepts a pixel’s delivery path, it can send a malicious code as a response to the user’s browser.
• Malware within a video: Video players do not defend against malware. For instance, third-party pixels from a standard video format called VAST may include malicious code. Videos can infect users by displaying a malicious URL at the end of the video
• Malware injected post-click: When a user clicks an advertisement, they are often redirected through several URLs before arriving at the ad landing page. Any compromised URL along this delivery chain allows the attacker to run malicious malware
• Malware on a landing page: There may be clickable elements that run malicious code even on legitimate landing pages that trustworthy websites provide. This type of malware is dangerous because users can click an ad, land on a real/legitimate landing page but still get infected by a malicious on-page element
• Malware within a flash video: Flash-based videos can inject an Iframe into the page that downloads malware, without the knowledge of the user

Slide 7

This slide discusses how users can mitigate the risk of malvertising. Antivirus software can protect against drive-by downloads or malicious code that malvertising executes.

Slide 8

This slide tells us how publishers can mitigate the risk of malvertising. Carefully examine ad networks and research ad delivery paths and security practices is the first and major step that you should take.