Despite another increase in year-over-year malvertising detections, RiskIQ’s Q4 Malvertising Roundup shows the numbers are trending down.
For the second consecutive quarter, RiskIQ saw fewer malvertisements in the wild. In Q4, RiskIQ scanned nearly 10% fewer advertisements containing a blacklisted incident overall, which continues a trend highlighted in our Q3 report, showing a massive decrease in malvertising beginning in the second half of 2017. However, powered by huge numbers in the first half of the year, overall malvertising in 2017 increased 2.8% against 2016.
Threat actors perform malvertising in all kinds of ways—phishing, scams, exploit kits, and malware—sometimes even via a drive-by-download, where the target user doesn’t have to click on a malicious link; the ad downloads the infection from the iframe without their knowledge. Sometimes, the ad will download software, which collects information on the user’s computer, or adbots that add to a wide-ranging fraudulent ad network. Ransomware is also a malvertising method, encrypting the unfortunate victim’s files and charging money to get them unencrypted.
Advertisements containing a blacklist incident observed by RiskIQ in Q4 2017
As usual, it’s interesting to note how the type of malvertising fluctuates, and how that may indicate a change in attacker tactics. After spiking in Q3, RiskIQ saw a drastic decrease in malvertising incidents containing malware (-67.5%) in Q4. We also saw a precipitous drop in advertisements using phishing techniques for the second quarter in a row. However, despite general declines in detections, there was a small increase in scams, or disingenuous advertising, which bucked a two-quarter trend.
Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the “free” websites we all enjoy online, and the success of the internet and all the people that rely on it is inextricably linked to the success of that marketing. According to a report compiled by eMarketer, the worldwide paid media market, which accelerates every year, is at $542 billion, lower than eMarketer’s previous forecast.
To combat this problem, RiskIQ scans billions of pages and nearly 20 million mobile apps per day, resulting in a curated blacklist of malicious ads from across the internet. This proprietary list sets RiskIQ apart, enabling customers to vet new demand sources and prevent malware within their ad infrastructure. RiskIQ is unique in that our crawling infrastructure allows us to capture the entire ad redirect chain and creative sources, which indicate which part of the ad-serving process was compromised, and helps us identify the entity responsible for the threat.
Learn more about how RiskIQ can proactively scan and track ads as they traverse the supply chain so you can empower your team to take immediate action to identify and remove malicious malvertisement hosts and advertisers from your network or publisher website, minimizing the threat to your end users.
Research by Forrest Gueterman