On August 5, security giant Cisco Systems released their midyear security report, which focused on multiple different vulnerabilities hackers are currently using, across the globe. While most of the report featured numerous low-risk vulnerabilities, that we’ve been seeing for some time now, they also identified a new trend on the rise, called ‘malvertising’.
Now, in today’s more tech-savvy culture, many of us are very aware of which part of a website we’re visiting is content, and which part are ads. So, where in the past, hackers could purchase an ad that effectively directed traffic to their infected website, they have seen a drastic reduction in the rate that users actually click on ads. Enter ‘malvertising’.
Hackers are now creating ads that, once loaded, will instantly redirect you to their website, typically via Java. There is no click needed, as it is actually part of the website you’re visiting. Here is where it gets a little tricky. The cybercriminals are purchasing ad-packages, last minute, hoping their ads can quickly make it through the security measures put in place by the ad companies. Typically, they are not buying very large bulk quantities, but small amounts. This means that a particular malicious ad may pop up on a website for only 1 in 10,000 visitors, but it also makes it much harder for the website to flag it, before it becomes a widespread problem. The second problem is the use of Java; most of these tools are going to exploit applications from within Java itself, but Java is such an ingrained part of our tech lives, that turning it off just isn’t an option for most of us.
The biggest tool you and I have is knowledge and preparation. One of these days, an exploit like this is going to catch you. The trick is to know that, at some point it will happen, so be prepared.
- You may notice that Java seemingly pops up every day on your computer, saying it has a new update. Many of us will simply click ‘Decline’ or ‘Remind Me Later’ and carry on with our days, but you shouldn’t! Almost every one of those Java updates has an update related to a security hole or feature they are updating. At Java, they know how much of an essential part of our web experience their app is, and how much that makes them a target. And the hackers, they’re counting on you to click ‘Decline’, so always click Accept, as it rarely takes more than a minute.
- Is your anti-virus up to date? Often, we will let our anti-virus program just run by itself in the background, but a quick double-check, every now and then, never hurts. Your anti-virus is only as good as the last time it was updated; usually, you can simply open the program and and see that the date and time of the last update is, typically, one of the first pieces of information. Again, these updates are usually patching security holes, to keep up with the latest viruses as they come out.
- Is your anti-virus subscription still good? If your anti-virus is a paid, subscription based anti-virus, an expired anti-virus does you next to no good; renew it or replace it. We can recommend effective paid subscriptions, or some more than adequate free ones – definitely better than none.
Of course, Frankenstein Computers is ALWAYS up to date on the latest trend of infections, and we have a variety of tools at our disposal to take care of you, if you do end up infected. And if (when!) that happens, the quicker you can get your computer to us the better, as an infected computer always brings in more infections, and after an extended period of time, can start causing real corruption.