Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2016-06-27 | 2 | A week in security (Jun 19 – Jun 25) | Malwarebytes Labs | ||
| Details | Website | 2016-06-22 | 0 | Malvertising and ransomware: the Bonnie and Clyde of advanced threats | Malwarebytes Labs | ||
| Details | Website | 2016-06-21 | 0 | How to Protect Your PC with Multiple Layers of Security | ||
| Details | Website | 2016-06-20 | 7 | A week in security (Jun 12 – Jun 18) | Malwarebytes Labs | ||
| Details | Website | 2016-06-08 | 3 | Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser | ||
| Details | Website | 2016-05-18 | 3 | The Ultimate Guide to Angler Exploit Kit for Non-Technical People | ||
| Details | Website | 2016-05-17 | 0 | Nuclear Exploit Kit | ||
| Details | Website | 2016-05-17 | 0 | A Bitcoin A Day Keeps The Doctor Away | ||
| Details | Website | 2016-05-11 | 0 | How to Master Your App Permissions So You Don’t Get Hacked – The Full Guide | ||
| Details | Website | 2016-05-10 | 46 | Large Kovter digitally-signed malvertising campaign and MSRT cleanup release - Microsoft Security Blog | ||
| Details | Website | 2016-05-09 | 20 | CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool | Proofpoint | ||
| Details | Website | 2016-05-09 | 0 | FBI: No, you shouldn’t pay ransomware extortionists | WeLiveSecurity | ||
| Details | Website | 2016-05-09 | 1 | A week in security (May 01 – May 07) | Malwarebytes Labs | ||
| Details | Website | 2016-05-09 | 0 | Brand, Business, and Fraud | ||
| Details | Website | 2016-05-03 | 55 | Angler Catches Victims Using Spam as Bait | ||
| Details | Website | 2016-05-03 | 13 | Threat Spotlight: Spin to Win...Malware | ||
| Details | Website | 2016-05-03 | 0 | A week in security (Apr 24 – Apr 30) | Malwarebytes Labs | ||
| Details | Website | 2016-04-25 | 0 | A week in security (Apr 17 – Apr 23) | Malwarebytes Labs | ||
| Details | Website | 2016-04-22 | 0 | Ransomware: A Threat On The Rise | ||
| Details | Website | 2016-04-20 | 2 | Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries | ||
| Details | Website | 2016-04-18 | 0 | A Week in Security (Apr 10 – Apr 16) | Malwarebytes Labs | ||
| Details | Website | 2016-04-08 | 6 | Nuclear Drops Tor Runs and Hides | ||
| Details | Website | 2016-03-30 | 0 | Fileless infections: an overview | Malwarebytes Labs | ||
| Details | Website | 2016-03-29 | 5 | Social Sites 'Likes' And 'LiveJournal' Hit With Malvertising | Malwarebytes Labs | ||
| Details | Website | 2016-03-21 | 0 | Canadian Hospital Serves Ransomware Via Hacked Website | Malwarebytes Labs |