
September Malvertising News: 3 attacks that exploited Ad Network tools


In this edition of AdSecure’s September Malvertising News update, we explore 3 attacks that exploited Ad Network tools in order to target companies and end users across the world. These tools are used regularly by legitimate Advertisers, who can benefit from them through their Ad Networks and CRMs of choice, including AI, targeting, IP and Geolocation tools, link shorteners, CAPTCHA tech, Email ads, and more. Continue reading to find out how cybercriminals spread Malware, Ransomware and Phishing exploits, and how to prevent them from affecting your Ad Network or website with AdSecure!

Malicious Google campaign targets Lowe’s employees

A Malvertising campaign is targeting Lowe's employees via Google ads, using their employee portal, MyLowesLife, as the lure, with the aim of gaining access to their login details. Rather than typing the full URL in the browser bar, the unsuspecting end user relies on Google Search to find the site they are looking for, completely unaware of the malicious campaign. So, when employees search for “myloweslife” they are shown malicious ads promoting a Phishing site. Although seeing ads for an internal HR portal should seem fairly suspicious, not all end users will have this awareness, and some will not hesitate to click on the first link that looks familiar to them.

The Malvertisers behind the attack used two different accounts to launch their campaigns in order to showcase multiple attacks simultaneously. They used different URLs with very small variations, thus bombarding and confusing the end user:

myloveslife[.]net
mylifelowes[.]org
mylifelowes[.]net
myliveloves[.]net
myloveslive[.]net
mylofeslive[.]net
Myloweslove[.]com
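The "very small variations" in this list fall into two groups: one or two swapped letters, and the same words in a different order. The following sketch is an added example, not AdSecure's or Malwarebytes' code: it scores a landing-page domain against the portal name using edit distance plus an order-insensitive letter comparison. The threshold of 2, the helper names and the two unrelated domains are assumptions chosen for illustration.

```python
from collections import Counter

BRAND = "myloweslife"   # portal name from the article, used as the protected label
MAX_DIST = 2            # assumed threshold; tune it against your own traffic

# Lookalike domains exactly as listed in the article (defanged).
REPORTED = [
    "myloveslife[.]net", "mylifelowes[.]org", "mylifelowes[.]net",
    "myliveloves[.]net", "myloveslive[.]net", "mylofeslive[.]net",
    "Myloweslove[.]com",
]
# Constructed unrelated domains, to show what is not flagged.
UNRELATED = ["example[.]com", "garden-tools[.]example"]

def label(domain):
    """Refang and return the label left of the TLD (ignores multi-part suffixes)."""
    parts = domain.replace("[.]", ".").lower().strip(".").split(".")
    return parts[-2] if len(parts) > 1 else parts[0]

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bag_distance(a, b):
    """Letters that differ when order is ignored; catches reordered words."""
    ca, cb = Counter(a), Counter(b)
    return max(sum((ca - cb).values()), sum((cb - ca).values()))

def classify(domain, brand=BRAND):
    """Return 'exact-label', 'typo', 'rearranged' or None for one domain."""
    cand = label(domain)
    if cand == brand:
        return "exact-label"   # compare the full host against your official hosts
    if edit_distance(cand, brand) <= MAX_DIST:
        return "typo"
    if bag_distance(cand, brand) <= MAX_DIST:
        return "rearranged"
    return None

if __name__ == "__main__":
    for d in REPORTED + UNRELATED:
        print(f"{d:26} {classify(d)}")
```

Edit distance alone misses `mylifelowes`, which keeps every letter of the portal name but moves the words around; the letter-bag comparison is what catches it.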

To create the bogus landing page, the Malvertisers used AI and a generic ‘retail store’ template to create an exact replica of the Lowe’s page. With the rise of AI tools in digital Marketing, this is certainly not the first time Malvertisers have used AI to create Phishing landing pages!


As we can see on the image by Malwarebytes above, the URL is fake but closely resembles the original one. The page itself looks exactly the same, including the login box that prompts end users to enter their credentials for the employees’ area. These credentials are then sent to the threat actor in a POST request via a xxx.php Phishing kit. After collecting this data, a second page asks end users for their security question, in order to keep them on the page long enough to steal their information. Then, they get redirected to the real MyLowesLife website, where they will be asked for their login details again. While that could raise suspicion, it’s possible that many end users will think it’s a system error or glitch and won’t pay attention to it.

If you are a Publisher looking to protect your website against Google Malvertising campaigns, make sure to contact our team to book a call and find out what AdSecure's software can do for you!

Malicious Advertisers exploit targeting tools to perfect their Malvertising attempts

Malvertisers have started using Search Engine Marketing (SEM) tools to identify new ways to attract their victims and thus refine their Malvertising attempts. For instance, Cybercriminals use malicious keyword targeting tactics to spread Malware, analyzing which keywords have the most searches and the highest CTRs. These keywords could target any vertical, for instance Antivirus (the keyword ‘antivirus software’ currently has 22,000 searches on SEMRush) and VPN (the keyword ‘free VPN’ has 450,000 searches).

The Malicious Advertisers used the domains “ktgotit.com” and “advanced-ip-scanner.com”, which previously generated significant traffic but had no activity at the time, yet remained associated with their search keywords. By using the historical data for these domains, they could identify effective ads promoting them and use those ads as templates for their malicious campaigns. Here are some other ways in which Malicious Advertisers exploit targeting tools to perfect Malvertising attempts:

  • Link shorteners: Used to obscure malicious URLs and redirect unsuspecting end users to a malicious landing page.
  • IP geolocation utilities: Used to track the spread of their Malware and tailor their attacks based on the end user’s location.
  • CAPTCHA tech: Originally used to differentiate between humans and bots, it is being manipulated to prevent automated security tools from accessing and detecting their Phishing pages, while ensuring that human victims can still access the threat.

Wondering how to protect your Ad Network against malicious exploitation of targeting tools? Blocking these tools is impractical for end users, Publishers, Ad Networks and legitimate Advertisers, because they all have legitimate uses for them. Instead, Ad Networks and Publishers should focus on using monitoring and removal software such as AdSecure’s 360 Malvertising Prevention and Ad Quality Solution.

Ransomware attacks escalate in the US in Q3 2024

According to Helpnetsecurity, Ransomware attacks escalated in the US once again in Q3 2024. Ransomware remains a concerning online threat, with attempts becoming more frequent and dangerous and targeting critical sectors like healthcare, education, and manufacturing. The US is the most targeted GEO for these kinds of attacks. Most seem to occur between 1AM and 5AM, a lot of them via malicious Email ad campaigns, and 74% of the victims were attacked multiple times during the year! So it is paramount to find prevention software for your Ad Network or website to keep your end users safe at all times, since once targeted, you run the risk of being targeted again.

A few more points raised by Helpnetsecurity:

  • The US accounts for 48% of all Ransomware attacks worldwide! 60% of the world’s attacks target education and 71% of attacks on healthcare. 
  • Ransomware remained the leading cause of financial loss both for companies and individuals since January 2023, with 64% of Ransomware-related claims resulting in a loss.
  • For the third year in a row, 81% of organizations surveyed paid the ransom to end an attack and recover data.
  • Ransomware claims frequency as a whole jumped 64% year over year, primarily due to the explosion of “indirect” Ransomware claims whose frequency increased by 415%.
  • Attackers continued to exploit remote access technology, with 58% of direct Ransomware incidents attributable to a remote access vulnerability.

Conclusion: How to protect my Ad Network against the malicious exploitation of targeting tools

So, in this edition of AdSecure’s September Malvertising News update, you have just found out about 3 ways in which Malicious Advertisers exploit targeting tools to perfect their Malvertising attempts. Because these tools are in constant use by legitimate Advertisers through their go-to Ad Network, as well as by website Publishers and even end users going about their online activities, simply blocking them is not a viable solution. The best option to prevent recurrent Ransomware attacks on your Ad Network, as well as other attacks like Malware and Phishing, is therefore to use a Malvertising Real-Time monitoring and removal solution such as AdSecure! With our software you will be able to:

  • Automate your ad verification process before ad campaigns go live and also while they are running.
  • Detect non-compliant, dangerous or low-quality ads and eliminate them on the spot.
  • Steer clear from unsafe and offensive ad content.
  • Measure ad performance against industry standards with great tools such as the IAB Standards tool.
  • Block Malicious keyword targeting to spread Malware, protect end users against email Ransomware ad campaigns and Phishing Google Malvertising campaigns, as well as other attacks, at all times!
  • And more!

If you are wondering how to prevent recurrent Ransomware attacks on your Ad Network, book a call with our team now to learn more about how AdSecure keeps your Ad Network or website, and your end users, safe at all times. Or maybe you want to test out our 14-day Free Trial and start protecting your website against Google Malvertising campaigns now!



Anna
