Yahoo Hit with Major Malvertising Campaign, Putting Millions at Risk
A massive hack infiltrated Yahoo’s ad network for at least seven days, according to Malwarebytes’ official security blog. Malwarebytes, an anti-malware security company, discovered the attack and immediately notified the search company.
“As soon as we detected the malicious activity, we notified Yahoo and we are pleased to report that they took immediate action to stop the issue,” said Jerome Segura, senior security researcher at Malwarebytes, on the company’s official security blog. The firm said the campaign was no longer active as of yesterday.
With more than 6.9 billion visitors to Yahoo’s Web site every month, the attack, which began on July 28, constituted one of the farthest-reaching malware attacks ever recorded.
Difficult To Confront
The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.
Malvertising can be a difficult threat to confront because malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.
In an official statement, Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.
Spike in Number of Attacks
The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, makes it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of this year, registering a 260 percent increase over the same period in 2014, digital enterprise security company RiskIQ said today at the Black Hat USA security conference.
“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on Web sites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”
The increase in programmatic advertising that relies on software rather than humans to purchase digital ads has generated unprecedented growth and introduced sophisticated targeting into digital ad networks, according to RiskIQ.
"This machine-to-machine ecosystem has also created opportunities for cybercriminals to exploit display advertising to distribute malware," according to the company. "For example, malicious code can be hidden within an ad, executables can be embedded on a Web page, or bundled within software downloads."
Image credit: Yahoo Flickr.