Cyber 101: What is an Ad Network Attack?
Ad networks allow many websites to avoid having to manually manage their own advertising. Basically, the network gives the website some code to put in their pages, which allows the network to serve up advertisements directly on those web pages, sharing a portion of the ad revenue with the site owner. That’s great for site owners, but can lead to some problems. Most notably, if the advertisements contain dynamic content (animations, links, etc.), then they can also carry computer code that can harm your machine.
A recent example of this problem is crypto-mining attacks. In order for blockchain technology such as cryptocurrencies (like Bitcoin) to work, computers must do complex math problems to create the actual chain – known as a ledger. Since this math uses a lot of CPU and graphics card power, those who complete the math problems get a small amount of the currency in return for their work. The process is known as “mining,” since it’s very much like mining for gold or gems – you do a lot of heavy work and if you’re lucky enough to be the person who uncovers the vein, you get the rewards.
Threat actors have found ways to place computer code into dynamic advertisements that launches a small piece of software on the computer of anyone who loads the ad in their browser. This software performs the math of blockchain operations and reports the results back to the threat actor, who can submit them and get the currency reward without having to do any of the system-intensive work.
That might seem harmless, but there are drawbacks. The computers running the math problems have a huge portion of their CPU and graphics cards taken up by the mining software, leaving fewer resources available for the programs you actually want running. Also, continuous use of most – if not all – of your CPU and graphics card can generate massive amounts of heat. Not enough to be dangerous to your home in most cases, but more than enough to shorten the lifespan of your computer. This means that the threat actor gets paid, while you need to buy a new computer sooner.
There are also other forms of advertisement attacks, which can be much more malicious. Though few have been spotted “in the wild” (on computers outside of laboratories), many researchers have proven that these same dynamic ads can carry malware that can attack and damage your operating system, files, or other components of your computer. As the methods to perform these actions are now known, we may start seeing these attacks in the real world very soon – and indeed a very limited number of them have propagated across the web.
So, how do you protect yourself? That’s a harder question to answer. Of course, you want to install an anti-malware software tool on your computer and keep it up-to-date. Beyond that, things get more inconvenient. You can avoid visiting sites and doing business with sites that host dynamic ads – i.e. anything other than static graphics advertisements. That’s impractical at best since such a huge number of websites use dynamic ads. You can also install an ad blocker add-on in your browser. While that will block the ads, it also means that the websites stop making as much money – which could mean they can no longer offer free content. This is one of those situations in cyber security where there is no great answer, and defending yourself with anti-malware and limiting your exposure are the best things you can do.
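To make the ad blocker option concrete, here is an added illustration (not code from this article or from any particular ad blocker) of how a blocker can decide which requests to stop: it blocks code-carrying request types to listed ad hosts and lets static images through. The hostnames, blocklist, request types and sample requests are all constructed assumptions.

```javascript
// Added example. Hostnames, rules and requests are constructed for illustration.
const BLOCKED_HOSTS = ["adnetwork.example", "coin-pool.example"];

// Request types that can carry or run code. Static images are not in this set,
// mirroring the article's split between dynamic ads and static graphics.
const DYNAMIC_TYPES = new Set(["script", "sub_frame", "websocket", "xmlhttprequest"]);

// True when host equals the rule or is a subdomain of it. The match is aligned
// on a dot, so "notadnetwork.example" does not match "adnetwork.example".
function hostMatches(host, rule) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return h === rule || h.endsWith("." + rule);
}

// Decide whether one request ({ url, type }) should be blocked.
function shouldBlock(request) {
  let host;
  try {
    host = new URL(request.url).hostname;
  } catch (err) {
    return false; // not a parsable URL, nothing to match against
  }
  if (!DYNAMIC_TYPES.has(request.type)) return false;
  return BLOCKED_HOSTS.some((rule) => hostMatches(host, rule));
}

// Constructed requests, as a page with an embedded ad might issue them.
const SAMPLE_REQUESTS = [
  { url: "https://news-site.example/app.js", type: "script" },
  { url: "https://cdn.adnetwork.example/banner.png", type: "image" },
  { url: "https://cdn.adnetwork.example/creative.js", type: "script" },
  { url: "https://notadnetwork.example/lib.js", type: "script" },
  { url: "wss://ws.coin-pool.example/submit", type: "websocket" },
];

// Return the URLs that the filter would stop.
function blockedUrls(requests) {
  return requests.filter(shouldBlock).map((r) => r.url);
}

console.log(blockedUrls(SAMPLE_REQUESTS));
```

The site's own script and the ad network's static banner pass, while the ad's script and the connection that would report mining results are stopped. The filter is only as good as its blocklist.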
The good news is that reliable ad networks have been policing their content, so things will get better over time. The bad news is that there are so many ad networks that “over time” may be a lot longer than anyone would like. Until all the networks clean up their content, ad blockers and restricting what sites you visit may be the best option.
Mike Talon is a Cybersecurity Architect and journalist in New York City. His experience has allowed him to help companies from mom and pop shops to Fortune 500 organizations. Currently, he’s working for SkOUT Secure Intelligence, helping customers of all sizes find the right Cybersecurity protocols and tools to keep them safe.