Cisco has just discovered a string of malvertising websites that victimize unwary users visiting the sites of The Guardian newspaper, Facebook and Disney. These malvertisers also deliver ransomware: victims' computers are locked and hundreds of dollars in payment are demanded before they are made functional again.
As of this posting, Cisco has detected a large number of computers infected by the ransomware, a consequence of cyber criminals using sophisticated means of defeating security controls to gain unauthorized access to PCs.
The company spotted this widespread distribution of ransomware from the host sites named above through its Cloud Web Security (CWS) product, which tracks the behavior of Internet users as they browse or visit frequently used pages such as Facebook and Twitter, and raises a red flag when a malicious domain appears on its radar.
Cisco reported that the CWS tool was blocking traffic from Facebook, The Guardian and Disney's go.com website from redirecting to 90 domains, most of them hosted on WordPress.
Attacks perpetrated through malvertising are nothing new; the security community has known about them for a long time. What continues to evolve is how difficult it is for security tools to ward them off, or at least to defend a network, which remains a hard task for companies. As a result, their security measures almost always fall short of protecting their networks.
Users may quickly notice a malvertising scheme on a website they visit, since these ads appear too good to be true. However, the websites that unwittingly run them are often unaware that malicious ads are being displayed on their home pages. This shows how stealthily attackers get malicious ads running even on popular websites such as Facebook and The Guardian.
So how did hackers place ads on these sites? Cisco found that brute-force attacks had been employed: attackers guessed passwords to access the sites' control panels, then injected the malvertising tool called Rig into the systems and displayed the ads on the websites' pages.
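One way a site operator could detect the password guessing described above, as an added example that is not from Cisco's report or this article: a small Python scanner over web-server access logs that flags source IPs with a burst of failed logins against a WordPress login endpoint. The sample log lines are constructed, and the 200-versus-302 status heuristic and the threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" format (not real traffic): 203.0.113.7
# guesses until a 302 (login accepted); 198.51.100.4 mistypes once; 192.0.2.9 only GETs the form.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2014:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2014:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2014:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:12:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    # Returns (ip, datetime, method, path without query string, status) or None if unparseable.
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path.split("?", 1)[0], int(status)

def flag_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": peak, "succeeded": bool}} for IPs whose failed login POSTs reach
    `threshold` inside any sliding `window`. Heuristic (assumption): WordPress answers a rejected
    login with 200 and the re-rendered form, and an accepted login with a 302 redirect."""
    failures, accepted = defaultdict(list), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec[2] != "POST" or rec[3] != "/wp-login.php":
            continue
        ip, when, _, _, status = rec
        if status == 200:
            failures[ip].append(when)
        elif status == 302:
            accepted.add(ip)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):  # two-pointer sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"failures": peak, "succeeded": ip in accepted}
    return flagged
```

On the constructed sample, only 203.0.113.7 is flagged, with five failures inside one minute followed by an accepted login; the single mistyped password from 198.51.100.4 and the form GET from 192.0.2.9 are not counted.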
This also means that ads on these websites cannot be fully trusted all the time; for unsuspecting and less tech-savvy users, the problem may be bigger still.