Date: 2014-10-16
* US military aerospace firm, 2 other contractors hit
* Malware ad campaigns seen as new tool for cyber espionage
* Ad-targeting industry seen by experts as enabler of
attacks
By Eric Auchard
AMSTERDAM, Oct 16 A surge in malware disguised
as online advertisements aimed at unsuspecting web users has hit
major U.S. military contractors in the past few weeks, marking a
dangerous twist on a decade-old scourge for advertisers,
security researchers said on Thursday.
Researchers from Fairfax, Virginia-based security software
company Invincea said they had documented new uses of so-called
"malvertising" to carry out highly-targeted cyber espionage
campaigns against three firms in the military-industrial arena.
Malvertisements lurk behind banner ads and videos,
delivering hidden code via ad networks to consumers and business
users browsing the web. They exploit the automated dance that
takes place in the blink of an eye between advertisements and
web pages, every time a user lands on an ad-supported web site.
Data security breaches now regularly hit high-profile
businesses such as banks and retailers, leaving millions of
consumers vulnerable to identity theft and financial fraud. But
research into malvertising has revealed how cyber-criminals and
spies can use the marketing industry's latest tools to pinpoint
high-value targets.
Invincea researchers said the goal of the intrusions
appeared to be the theft of military secrets or intellectual
property rather than click-fraud or bank account phishing. They
noted that some of these companies are producing technology for
use in combat zones.
"In the past, we have seen organised cyber crime learn
attack techniques from advanced nation state actors," Invincea
Chief Executive Anup Ghosh said, using industry parlance for
cyber spies. "This is a case where advanced state actors would
be learning from cyber crime in terms of methods and tactics."
Invincea researchers said that in the last two weeks of
September they had detected up to six malvertising attacks that
targeted one aerospace contractor and saw similar attacks
against two other military contractors.
They declined to speculate on who was behind these specific
cyber-attacks or where they originated, focusing instead on how
they worked.
What is clear is that perpetrators are turning to the
demographic targeting tools available to any online marketer,
taking advantage of real-time advertising bidding networks,
which work like stock exchanges for marketers, to place
malware-laced ads that target specific organisations or
audiences.
Invincea said it thwarted the attacks but declined to name
the targeted firms. It will provide forensic evidence in a
report it plans to publish on its website at www.invincea.com/
on Friday.
ADWARE MEETS SPYWARE
Malvertising sprang up as a way to make easy money by
installing malicious code on computers that redirected the
infected machines to web sites to earn cash from advertising
click fraud or to steal bank accounts. Researchers from several
security firms have detected a malvertising surge this year
aimed at consumer and business users.
Victims can be targeted based on their interests in certain
news sites, or online poker or stock forums, Invincea
researchers said. Browser cookies can be used to target users
with specific tastes in handbags or luxury holidays.
Perpetrators can set up a corporate front to deliver normal
ads, then swap landing pages from time to time for malicious
code. They place these ads on advertising exchanges and bid up
prices for placement on sites that their targets are known to
visit, based on what they glean from these intended victims'
advertising profiles.
Malvertising sites are typically online for less than four
hours, before they are deleted, making it nearly impossible to
keep track of new vulnerabilities, Invincea said.
The Invincea study found these vulnerabilities in most
online advertising networks. "Any real-time ad bidding service
that allows for automatic redirection is inherently insecure,"
said Pat Belcher, who heads Invincea's security analytics team,
which conducted the forensic research. "It is across the board."
SPY TOOLKIT
The evolution of malvertising into a toolkit for spies
raises the stakes for the online advertising industry, which
cyber experts say has failed to protect Web site customers and
their users by weeding out fake advertisers who exploit the
instantaneous nature of Web ad delivery to defeat most existing
anti-malware tools.
Three major advertising organisations in the United States
said last month they would team up to fight ad fraud, malware
and piracy. An independent body is being set up to monitor
nefarious actions.
"Criminal activity threatens to erode trust in the digital
ecosystem," Randall Rothenberg, chief executive of the
Interactive Advertising Bureau, said. "It is time that
publishers, marketers and agencies stand together to combat
these dangerous forces as a unified entity."
Digital marketers are projected to spend $140 billion
globally this year, with that growing to an estimated $214
billion by 2018, which would represent nearly one-third of all
media ad spending, according to market research firm eMarketer.
By undermining consumer trust, the attacks imperil the vast
number of web sites which fund themselves by running online ads
alongside their own content to keep their sites free to users.
"Ad delivery networks today are not incentivised to address
the problem in a credible manner as they derive revenue from the
criminal enterprise," the Invincea report states. "Turning a
blind eye to the problem is rewarded economically," it said.
(Additional reporting by Jennifer Saba in New York; editing by
Jim Finkle and Jane Merriman)