Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Malvertising was once again on the rise in 2016, increasing 132% over 2015 according to RiskIQ’s 2016 Malvertising Report. Out of the approximately two billion ads we scanned, 7,623,099 had an associated blacklist incident, an occurrence rate of almost 0.4% meaning one in every 250 ads is associated with a blacklist incident.
This sharp increase, the reporting of which has become an annual tradition for threat researchers, comes as no surprise—the rise of programmatic advertising has introduced similarly sophisticated profiling capabilities, which threat actors can use to target precise groups of users to boost their return on investment. Malvertising is particularly effective, as it’s difficult to detect and take down because malicious ads are delivered through ad networks and not resident on web pages.
Fig-1 Per the report, RiskIQ detected 132.6 percent more malvertising in 2016
Threat actors perform Malvertising all kinds of ways. Sometimes it’s via a drive-by-download, where the target user doesn’t even have to be tricked into clicking on a malicious link; the ad downloads the infection from the iframe, often without their knowledge. Sometimes, the ad will download software which collects information on the user’s computer, or adbots that add to a wide-ranging fraudulent ad network. Ransomware is also a malvertising method, encrypting the unfortunate victim’s files and charging money to get them unencrypted.
Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the “free” websites we all enjoy online, and the success of the internet and all the people that rely on it is inextricably linked to its success. According to a report compiled by eMarketer, worldwide paid media market, which accelerates every year, is at $542 billion—lower than eMarketer’s previous forecast.
Meanwhile, partly fueled by the looming threat of malvertising, Ad blocking in the US will continue to temper the growth of digital advertising. According to eMarketer, ad blocking will grow by double digits. In 2016, 69.8 million Americans were expected to use an ad blocker, an increase 34.4% over last year. In 2017, that figure is projected to grow by another 24% or 86.6 million people.
To combat this problem, RiskIQ scans over 2 billion pages and nearly 20 million mobile apps per day, resulting in a curated blacklist of malicious ads from across the Internet. This proprietary list sets RiskIQ apart, enabling customers to vet new demand sources and prevent malware within their ad infrastructure. RiskIQ is unique in that our crawling infrastructure allows us to capture the entire ad redirect chain and creative sources, which indicate which part of the ad-serving process was compromised, helps us identify the entity responsible for the threat.
In 2016, we improved our crawling and machine learning technology and augmented our traditional signature-based approach to identifying threats. Using a method called ‘representation learning,’ we teach our system by just showing it what a threat looks like rather than telling it exactly how to detect it, so it can evolve to identify threats as they change. As you’ll see in the 2016 Malvertising Report, these improvements have increased our ability to identify injections (compromised legitimate assets), malicious distribution systems, scams (by a large degree), and scareware/browser lockers.
Download RiskIQ’s 2016 Malvertising Report for the entire breakdown of the malvertising incidents found by RiskIQ in 2016, and how they compare to 2015:
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
Wondering where to spend your Monday night at #RSAC 2020? Look no further! RSVP now to come celebrate with Flashpoint, @elastic, @ThreatQuotient, @Siemplify, and @RiskIQ at IGNITE! http://bit.ly/2VrsOpJ
Tomorrow: Stop by the @CrowdStrike booth at 11:30 to see the RiskIQ Illuminate app in action! It analyzes CrowdStrike endpoint coverage and compares it to RiskIQ's unmatched external data to provide a 360-degree view of your attack surface: https://bit.ly/2ujagwt #RSAC2020
The RiskIQ Illuminate app for @CrowdStrike shows your organization's security visibility gaps by analyzing CrowdStrike endpoint coverage and comparing it to @RiskIQ's view of your digital attack surface https://bit.ly/2HFXStG
🛡️#CyberSecurityBrief #Alert: @FTC Refunds Victims Of @OfficeDepot Tech Support Scam via @BleepinComputer @AthertonLab #CyberSecurity #InfoSec #Malware #Ransomware #DDoS #DataBreach #ITsecurity #CyberThreats #CloudSecurity #CyberSecurityInsights https://cybersecurityinsights.substack.com/p/your-friday-morning-cybersecurity?r=63k3&utm_campaign=post&utm_medium=web&utm_source=twitter