Pop Culture: Hotbed of Malvertising

Team Taylor or Team Nicki? Think that lion-poaching dentist is barbaric? Is Kim Kardashian really becoming an Important Voice of Feminism?

When you try to answer these and other burning questions of our time, you may be getting more than you bargained for: popular news and entertainment websites unknowingly host 58% of malvertising activity.

A Bromium Labs research report that analyzes the ongoing security risk of popular websites and software found that online advertisements with hidden malware are delivered primarily through news websites (32%) and entertainment websites (26%). Notable websites unknowingly hosting malvertising have included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.

And the tactic is having a profound effect: Flash exploits have increased 60% since 2014, while ransomware is up a whopping 80%. The growth of ransomware families has doubled each year since 2013.

It would appear that the unending maw of Facebook shares, Twitter links and random Google results for pop culture staples like cat videos and celebrity fascinations (and yes, we just characterized cat videos as “pop culture staples”) continues to prove fertile ground for cybercriminals.

 “For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes,” said Rahul Kashyap, SVP and chief security architect at Bromium. “Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware – recently ransomware – preying on the most popular websites and commonly used software.”

Of course, capitalizing on our insatiable appetite for pop culture is not a new story per se. During the 2014 FIFA Men’s World Cup, Portugal’s Cristiano Ronaldo, Real Madrid star and general showboat, managed to exit the tournament with a whimper—but not before claiming the golden boot for malware baiting.

Malvertising has become an attack method of choice this year, as a conduit for a whole unholy host of online threats, such as spyware, adware, spam, phishing, viruses and other malware. During the first six months of 2015, Flash experienced eight exploits, an increase of 60% since 2014, when there were five exploits. Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.

Also in the first six months of 2015, nine new ransomware families emerged: CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX; this is an 80% increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families: Cryptolocker and Cryptowall.

At the same time, Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).

So, bottom line? Sure, get your celebrity dirt on. Look up stats on your favorite Premier League star. Check out this beyond-fantastic ad for DirecTV that the Dallas Cowboys quarterback Tony Romo has turned in. But be careful, keep your security software up to date, and in a business setting, consider implementing policies against visiting dodgy, non-work-related entertainment sites.

What’s Hot on Infosecurity Magazine?