Issue link:

Contents of this Issue


Page 2 of 3

SPRING 2019 SECURITY SMART 3 Protect Yourself from Malvertising "Malvertising," a blend of malware (malicious software) and advertising, is what happens when cybercriminals buy ad space on trustworthy websites and hide malicious code in ads that appear legitimate. These bad ads can redirect users to shady websites or install malware on their computers or mobile devices. Some of the world's most popular websites, including those of the New York Times, Spotify and the London Stock Exchange, have inadvertently dis- played malicious ads, putting their us- ers in jeopardy. In 2017, Google blocked 79 million ads that attempted to send people to malicious websites and re- moved 48 million ads that suggested the installation of unwanted software. What's worrying is that people's devices can get infected even if they don't click on the images—often it's enough if they just load. This is called "drive-by download," because all a vic- tim has to do is "drive by" a web page. Cyber criminals use malvertising to deploy various forms of money-making malware, and it can be very profitable for them. "Today, malvertising groups are highly organized businesses," says Jerome Dangu, co-founder and CTO of Confiant, a company that develops solutions to combat bad ads. Typically, attackers buy ad space from ad agencies and then submit infected images, hoping not to get caught. Sometimes, they start by sending a legitimate ad and insert malicious code later. After they infect enough people, they can clean up after themselves and remove the bad code. Malicious ads are often designed to provoke strong emotions and promote calls to action. They can also prom- ise products at a bargain, such as an iPhone for just $1, tricking users into giving their credit card data. Smartphones and tablet PCs are be- coming increasingly attractive for mal- vertising groups because users tend to worry less about these devices' security. It's also common to accidentally tap an ad when you're using a smartphone. Recent malvertising campaigns have tar- geted both Android and iPhone users. To keep your devices safe, install antivirus tools and keep all software up- dated, including the operating system, browsers, Adobe Flash and Java—even better, avoid Flash and Java altogether. Ad blockers aren't a great solution, because they cut revenue for both the advertising industry and journalism, says Maggie Louie, co-founder and CEO of Devcon, a cybersecurity software company for news media publish- ers. She recommends tools such as Ghostery, a free privacy and security- related browser extension and mobile browser app that can filter bad ads while letting the good ones pass. DID YOU KNOW? One in three organizations admitted to suffering a security compromise due to a mobile device, according to a new study by Verizon, a 5% increase over last year. And 86% said that mobile data security threats are growing faster than other types of threats. SOURCE: VERIZON MOBILE SECURITY INDEX 2019 Using a New Employer-Owned Device? First, Learn the Rules. W HEN YOUR company's IT people hand you a sweet new laptop or mobile de- vice, most likely you can't wait to take it for a spin. Before you do, read and make sure you understand your em- ployer's acceptable use policy, which sets out guidelines about what you can and can't do with it. (You may have been asked to sign the policy when you received the device.) Typically, such policies will include statements like these: ■ Business devices are the sole property of the business. The busi- ness alone can assign, remove and determine control over those devices. ■ There is no expectation of privacy when using a business-owned device. The company may read employee emails or other communications at its own discretion, without prior notice. ■ Unlawful or unethical activities are not allowed on business devices. ■ Any user-created passwords can be disabled or reset by the company without prior notice. ■ Personal use is allowed as long as it isn't excessive (as determined by the business) and does not violate any other guidelines. ■ Failure to abide by this agree- ment may result in actions including removal of that same company device and up to and including termination. If you aren't sure what constitutes acceptable use at your organization, ask the IT or security team. For more information on staying safe online here at BSU or at home, contact

Articles in this issue

Links on this page

Archives of this issue

view archives of BSU - Security_Smart_Spring2019_Bridgewater