RiskIQ Reports 260 Percent Spike in Malicious Advertisements in 2015

Flash Updates Replace Fake AV and Java Updates as Most Common Lure for Tricking Victims to Install Malicious Software

LAS VEGAS -- Aug. 4, 2015 -- RiskIQ, the Enterprise Digital Footprint Security company, today announced at Black Hat USA 2015 its latest findings on the prevalence of malicious advertisements (Malvertising) across the nearly two billion publisher pages and 10 million mobile apps it monitors per day. In the first half of this year the number of malvertisements has jumped 260 percent compared to the same period in 2014. The sheer number of unique malvertisements has climbed 60 percent year over year. Meanwhile, fake Flash updates have replaced fake antivirus and fake Java updates as the most commonly used method to lure victims into installing various forms of malware including ransomware, spyware and adware.

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said Elias Manousos, CEO and co-founder of RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

What’s Behind the Spike in Malvertising?

The rise of programmatic advertising, which relies on software instead of humans to purchase digital ads, has generated unprecedented growth and introduced sophisticated targeting into digital ad networks. This machine-to-machine ecosystem has also created opportunities for cyber criminals to exploit display advertising to distribute malware. For example, malicious code can be hidden within an ad, and executables can be embedded on a webpage or bundled within software downloads.

Summary of the Findings

RiskIQ’s global proxy network of virtual software users scans billions of websites and millions of mobile apps per day for the presence of malvertisements, malware and malicious/copycat apps. The company’s most recent research into the prevalence of malvertisements yielded the following findings:

  • Malvertisements have increased 260 percent on a prorated basis in the first half of 2015 (450,000) compared to all of 2014 (250,000)
  • The number of unique malvertisements in June of 2015 (80,000) has jumped 60 percent in comparison to the same period last year (50,000)
  • The most common lure used in malvertisements in 2015 has been fake Flash updates; in 2014 the top lures were fake antivirus updates and fake Java updates
  • In 2014, there was significantly more exploit kit activity (which silently installs malware without end user intervention) than fake software updates that require user consent
  • In 2015, fake software updates have surpassed exploit kits as the most common technique for installing malware