Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
August 4, 2015
Flash Updates Replace Fake AV and Java Updates as Most Common Lure for Tricking Victims to Install Malicious Software
LAS VEGAS — Aug. 4, 2015 — RiskIQ, the Enterprise Digital Footprint Security company, today announced at Black Hat USA 2015 its latest findings on the prevalence of malicious advertisements (Malvertising) across the nearly two billion publisher pages and 10 million mobile apps it monitors per day. In the first half of this year the number of malvertisements has jumped 260 percent compared to the same period in 2014. The sheer number of unique malvertisements has climbed 60 percent year over year. Meanwhile, fake Flash updates have replaced fake antivirus and fake Java updates as the most commonly used method to lure victims into installing various forms of malware including ransomware, spyware and adware.
Click to Tweet: .@RiskIQ reports 260 percent spike in #malvertising in 2015 @BlackHatEvents http://bit.ly/1g21xSf
“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said Elias Manousos, CEO and co-founder of RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”
The rise of programmatic advertising, which relies on software instead of humans to purchase digital ads, has generated unprecedented growth and introduced sophisticated targeting into digital ad networks. This machine-to-machine ecosystem has also created opportunities for cyber criminals to exploit display advertising to distribute malware. For example, malicious code can be hidden within an ad, executables can be embedded on a webpage, or bundled within software downloads.
RiskIQ’s global proxy network of virtual software users scans billions of websites and millions of mobile apps per day for the presence of malvertisements, malware and malicious/copycat apps. The company’s most recent research into the prevalence of malvertisements yielded the following findings: