Does online advertising deliver malware to you?

In a recent report from the U.S. Senate entitled Online Advertising and Hidden Hazards to Consumer Security and Data Privacy, details are given on how vulnerable internet advertising is to being used as a delivery mechanism for spreading malware across the globe. The report is quite extensive, and includes a history of how internet advertising developed and the complicating factors present today which absolve advertisers from any accountability for the malware that they deliver. If you would like a good understanding of what you face to protect your family, this is a must-read.

Here are some excerpts from the Executive Summary of the report:

“… the growth of online advertising has brought with it a rise in cybercriminals attempting to seek out and exploit weaknesses in the ecosystem and locate new potential victims. Many consumers are unaware that mainstream websites are becoming frequent avenues for cybercriminals seeking to infect a consumer’s computer with advertisement-based malware, or “malvertising.” Some estimates state that malvertising has increased over 200% in 2013 to over 209,000 incidents generating over 12.4 billion malicious ad impressions. According to a recent study by the security firm Symantec, more than half of Internet website publishers have suffered a malware attack through a malicious advertisement.”

“The Internet as a whole, as well as all the consumers who visit mainstream websites, is vulnerable to the growing number of malware attacks through online advertising. … malware attacks delivered through online advertising are a real and growing problem.”

“The complexity of the online advertising industry makes it difficult to identify and hold accountable the entities responsible for damages resulting from malware attacks.  Yet, if responsibility for malware attacks is laid solely on cybercriminals, commercial actors may have reduced incentives to develop and institute security measures for fear of becoming the liable party if something goes wrong.”

“The Subcommittee’s investigation shows that lack of accountability within the online advertising industry may lead to overly lax security regimes, creating serious vulnerabilities for Internet users. Such vulnerabilities could grow worse in the absence of additional incentives for the most capable parties on the Internet to work with consumers and other stakeholders to take effective precautionary measures.”

Here are the Key Findings:

1. Consumers risk exposure to malware through everyday activity

Consumers can incur malware attacks without having taken any action other than visiting a mainstream website. The complexity of the online advertising ecosystem makes it impossible for an ordinary consumer to avoid advertising malware attacks, identify the source of the malware exposure, and determine whether the ad network or host website could have prevented the attack.

2. The complexity of current online advertising practices impedes industry accountability for malware attacks

The online advertising industry has grown in complexity to such an extent that each party can conceivably claim it is not responsible when malware is delivered to a user’s computer through an advertisement. An ordinary online advertisement typically goes through five or six intermediaries before being delivered to a user’s browser, and the ad networks themselves rarely deliver the actual advertisement from their own servers. In most cases, the owners of the host website visited by a user do not know what advertisements will be shown on their site.

3. Self-regulatory bodies alone have not been adequate to ensure consumer security online

Self-regulatory codes of conduct in the online advertising field do not comprehensively address consumer security from malware. In addition, the self-regulatory efforts in online security to date have been dependent upon online ad networks for their funding and viability, creating a potential conflict of interest in their dual roles as industry advocates and standard-setting bodies. The self-regulatory bodies prioritize industry representatives over consumer advocates in the standard-setting process.

4. Visits to mainstream websites can expose consumers to hundreds of unknown, or potentially dangerous, third parties

Subcommittee analysis of several popular websites found that visiting even a mainstream website exposes consumers to hundreds of third parties. Each of those third parties may be capable of collecting information on the consumer and, in extreme scenarios, is a potential source of malware.

5. Consumer safeguards are currently inadequate to protect against online advertising abuses, including malware, invasive cookies, and inappropriate data collection

Cybercriminals are constantly finding new ways to evade existing security methods. Self-regulatory codes do not significantly address online advertising security, and data collection protections are often limited in scope, and underutilized. Current FTC safeguards are insufficient to comprehensively protect consumers from online advertising abuses.

6. Current systems may not create sufficient incentives for online advertising participants to prevent consumer abuses

Because responsibility for malware attacks and inappropriate data collection through online advertisements is undefined, online advertising participants may not be fully incentivized to establish effective consumer safeguards against abuses.

All these findings point to one more very important fact:

You are responsible for the protection of your family from cybercriminals.  Encrypting the keyboards on all of your devices, along with keeping your anti-virus software up to date, is your best defense.  Contact Us for a free consultation on how to secure your keyboards.