New York Times Malvertising Cyber Attack

Some pretty high profile websites have fallen victim to a kind of cyber attack known as malvertising. According to Wikipedia, Malvertising is the practice of inserting malicious, malware-laden advertisements into what appear to be legitimate online ads. One such attack occurred on the New York Times website and plagued site visitors for almost a full week.

How Does this Happen?
While websites usually screen the ads they allow to run on their sites for legitimacy, security, and quality, many more online ads come to sites through third-party middlemen commonly referred to as ad networks. Due to this indirect relationship, ads might appear on a website without direct approval from the advertising department or control groups for the sites. The lack of direct oversight, in turn, could expose visitors to third-party servers and potential attack.

In the case of the New York Times attack, only about half of the attacks came through third party ad networks. The rest of the attacks came from a company posing as a legitimate provider. The attackers presented ads for Vonage phone service and displayed malware free ads for a period. At some point, however, the attackers switched up the ads and began showing the virus-laden messaging.

Because of the apparent legitimacy of the original Vonage ads, the attackers were able to get the ads approved by the Times through the normal operational channels. According to an article posted on the New York Times, the breach occurred “because The Times thought the campaign came straight from Vonage, which has advertised on the site before. It allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads.”

What was the Result in this Case?
Reports flooded into the Times from hundreds of people who were affected. The malicious malvertising presented users with a threat detection and prompted them to download security software as a precaution. The downloads were malware.

The New York Times went so far as to suspend third-party advertisement to combat the problem, and even provided readers advice on dealing with similar issues. Experts have since indicated that the people who installed the phony antivirus software would likely be hit again in the future. Similar attacks have occurred on sites like Fox News and The San Fransisco Chronicle.

Can this type of Attack be Prevented going forward?
New York Times and other sites affected by similar attacks have instituted more rigorous screening policies to try and avoid any recurrence of malvertising. The Times also indicated that it was working directly with authorities to track down the culprits. Cybercrime is a difficult case to crack as these attackers are typically organized criminals operating overseas who then recruit third parties to assist with disseminating the viruses.

Additionally, Adobe Flash – whose software was exploited in this case – is becoming less and less prevalent on the web. Apple has often pointed to Adobe Flash’s security vulnerabilities as a reason for not supporting the program.

How Site Visitors can avoid falling Victim to these Attacks
Trusting that big sites will take more preventative steps to prevent such occurrences in the future, visitors also need to be aware of some precautionary measures they can take, even when visiting what’s believed to be secure and trusted sites. Here are some tips for avoiding malvertising attacks:

Purchase and install an antivirus software that would combat these types of attacks
Frequently clear web cache using the options menu on the browser
Do not click directly on ads. Instead, type the company’s website into the browser and visit the site directly as opposed to clicking through the ad
Never agree to download any supposed virus software that you haven’t purchased.

As more and more sites turn to online advertising as a revenue stream, exploiting weaknesses in the screening process for online ads will continue to be an entry point for online criminals. The more traffic a site gets, the more of an appealing target it becomes. Web browsers need to be wary.

Have You Been Hacked?

*Cyber breach data provided by Have I Been Pwned

Enter your email or username to see if your information was compromised.

Have You Been Hacked?