SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Malvertising madness: New report reveals 1978% spike in phishing redirects
Wed, 1st Feb 2017
FYI, this story is more than a year old

The web lived through a massive spike in malvertising last year, but the numbers dictate just how far and wide the threats have spread.

A new malvertising analysis report from RiskIQ has shown that there has been a 1978.9% increase in redirections to phishing pages.

The huge increase in that and other types of malware has reached new highs, as attacks are delivered through popular sites such as Google and Facebook. These threats are becoming more pervasive and more difficult to detect and mitigate, RiskIQ says.

Alongside a general 132% increase in total malvertisements, the report found that malvertising has been used to propagate malware, phishing pages, pages hosting exploit kits, ransomware and scams.

The report also uncovered an 845.9% increase in scam detections, 22% increase in antivirus binary injections, a 25.8% increase in malicious distribution systems and a 58.1% increase in scareware and browser lockers.

“Malvertising is so nefarious because it's a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the ‘free' websites we all know and enjoy online. The success of the internet and all the people that rely on it is inextricably linked to online advertising success and safety,” says James Pleger, threat researcher from RiskIQ.

He says that publishers, advertising teams and platforms need to be visible, forensically informed and mitigated properly to deal with malicious ads in the wild.

 Worldwide paid media spending is set to hit $674 billion by 2020, according to a report by eMarketer, and Pleger says malvertising will severely threaten this market.

 “For example, users wary of malvertising will block all ads, hampering the success of the digital advertising industry. By the end of 2017, more than 86 million people are expected to use ad blockers,” he says.

RiskIQ mitigates risk by using a curated list of malicious ads, scanned from 2 billion pages and 20 million mobile apps per day.