Cyber security news for all


    Confiant warns of hacked advertising servers

    In a malvertising campaign, a group of attackers is trying to infect users' computers with malware. Confiant says that almost 50 advertising servers are affected.

    “If we take a look at the volumes behind just one of the compromised RTB ad servers – we see spikes of up to 1.25 [million] affected ad impressions in a single day,” said Eliya Stein, a Senior Security Engineer at Confiant.

    Malicious Script That Retrieves Content From A New Domain

    Once the attackers have taken control of an advertising server, they deliver a disguised malicious script alongside the legitimate advertising. The script retrieves content from a new domain, which is then used to serve content from an advertising network that is notorious for spreading malware. Usually the user is shown a banner that poses as a Flash update and tries to tempt the user into installing a program. It is unclear which specific malware is installed on users' computers.

    The Attackers Make At Least A Minimal Effort To Hide Their Activities

    Cookies ensure that the malware is not displayed to users too often. The malware script also checks whether the user has opened the developer console.

    Compromised Revive servers allow cybercriminals to add malicious code to existing ads unnoticed. Once these ads are loaded from legitimate websites, the malicious code tries to redirect visitors to malware websites. There, users are often offered fake updates for the Adobe Flash Player.

    While so-called malvertising campaigns are not new, this approach differs significantly from the strategies of other groups. So far, those groups have limited themselves to buying advertising space on legitimate websites through fake advertising companies and then filling that space with malicious advertising. This tactic works because the code for ads may not be adequately checked, or because dubious vendors tolerate malvertising since it brings them revenue and profits. Capturing ad servers is very rare, especially on this scale.
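
A defender-side check for the tampering described above, as an added example that is not from Confiant or the original article: it records a hash and the set of referenced hosts for each creative at approval time, then flags creatives whose markup later changed and lists hosts that were not present at approval. The creative IDs, markup and domains are constructed sample data, and how creatives are exported from the ad server is left as an assumption.

```python
import hashlib
import re
from urllib.parse import urlparse

# Absolute or protocol-relative URLs anywhere in the markup, inline JS included.
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>)\\]+""", re.I)

def referenced_hosts(markup):
    """Return the set of hosts named by URLs in a creative's markup."""
    hosts = set()
    for url in URL_RE.findall(markup):
        full = url if url.lower().startswith("http") else "https:" + url
        try:
            host = urlparse(full).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower())
    return hosts

def fingerprint(markup):
    return hashlib.sha256(markup.encode("utf-8")).hexdigest()

def make_baseline(creatives):
    """Record hash and host set for each creative at approval time."""
    return {cid: {"sha256": fingerprint(m), "hosts": referenced_hosts(m)}
            for cid, m in creatives.items()}

def audit(baseline, current):
    """Flag creatives that are new or whose markup changed since approval."""
    findings = []
    for cid, markup in sorted(current.items()):
        known = baseline.get(cid)
        if known is None:
            findings.append((cid, "unreviewed creative", sorted(referenced_hosts(markup))))
        elif fingerprint(markup) != known["sha256"]:
            added = sorted(referenced_hosts(markup) - known["hosts"])
            findings.append((cid, "markup changed since approval", added))
    return findings

# Constructed sample data: two approved creatives, one later modified in place.
APPROVED = {
    "banner-101": '<a href="https://shop.example/sale"><img src="https://cdn.example/sale.png"></a>',
    "banner-102": '<script src="https://cdn.example/rich.js"></script>',
}
SERVED = dict(APPROVED)
SERVED["banner-101"] += ('<script>var s=document.createElement("script");'
                         's.src="//static.new-domain.example/a.js";'
                         'document.head.appendChild(s)</script>')

if __name__ == "__main__":
    for finding in audit(make_baseline(APPROVED), SERVED):
        print(finding)
```

The hash comparison is the reliable signal: a script that assembles its domain at runtime will not show up in the host list, but any change to an approved creative is still reported.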
