Bundestag Defenses Foil Malvertising Campaign

The German parliament was able to repel a malvertising campaign in January which affected at least 10 lawmakers, it has been revealed.

The attackers are said to have used malicious ads on the website of the Jerusalem Post to infect innocent visitors to the site.

Germany's federal cybersecurity agency, the Bundesamt für Sicherheit in der Informationstechnik (BSI), issued the following statement (via Google Translate):

“The technical analysis has been completed. The website of the Jerusalem Post was manipulated and linked to a harmful third party. Within the scope of the analysis, however, the BSI has not discovered any malicious software; infections are also not known to the BSI.”

It added that new protection measures put in place after a 2015 attack on the Bundestag have already helped the BSI prevent 3,600 attempts to connect to “malicious” servers:

“The core task of the BSI as a national cyber security agency is the defense against threats to the IT of the federal government. A governmental protection component therefore blocks such attacks by eliminating outbound network connections to infected web pages that distribute malicious programs, as well as preventing attempts to connect existing malicious programs to control servers.”

It’s unlikely that the malvertising campaign was created specifically to lure German lawmakers to a malware-laden website, but the news comes at a time of heightened tensions in Europe ahead of major national elections, with many fearing Russian state hackers may seek to undermine the democratic process as they did in the US.

Head of the US Senate Intelligence Committee, Richard Burr, yesterday claimed Russia is “actively involved in the French elections” and could end up being a “balance disruptor” in France and Germany.

The Bundestag elections come in September while the French presidential elections will begin next month.

Malcolm Murphy, Western Europe technology director at Infoblox, argued that malvertising has been gaining a higher profile of late thanks to some major campaigns targeting the New York Times and BBC in 2016.

“Clearly cybercriminals are targeting high-traffic sites to try to encourage a larger number of clicks, and consumers are probably more likely to trust ads which are displayed on well-known, trusted websites. Meanwhile, the malware itself continues to grow in sophistication, often exploiting an organization’s domain name system, or DNS, as a pathway to connect to a malicious destination or botnet,” he explained.

“To combat this growing threat, organizations should be making DNS security a top priority. Reliable threat intelligence will also enable organizations to disrupt malware as it communicates through the DNS, protecting customers from malvertising in the process.”