Malvertising and Other Online Mischief

April 26, 2013 by Mike Byrnes     No Comments

Malvertising — or malicious advertising — is getting a bit more attention as of late. In essence, it’s just another method by which criminals attempt to infect user PCs with some form of malware — albeit a very scary form as it can reach so many users so easily.

The important point is that criminals will continue to exploit new methods to infect users with malware. Regardless of the method (e.g., malvertising, spear-phishing, infected websites, drive-by downloads, etc.), the objective remains the same: criminals want to obtain control over online identities.

So, what do you do to help protect against malvertising? As an end-user? As an organization seeking to protect employee information and identities? As a service protecting online customers?

Unfortunately, regardless of how careful we are as end-users, enterprises, customers or governments, the malware will get through. Again, even if we:

  • Avoid certain websites
  • Adhere to strict online practices
  • Protect corporate networks with firewalls and intrusion detection
  • Secure access to online customer accounts

The malware will infiltrate the perimeter — and it’s best to assume this has already taken place. And, the more sensitive the transaction or information at risk, the more sophisticated the attack.

Here are some best practices to help protect against malvertising and any other online threat.

End-Users & Online Customers

  • Be safe. Practice safe browsing and always keep all your software up to date. Be educated and share good practices with others.
  • Use suspicion. Don’t assume SMS, email and social networking messages are necessarily from legitimate acquaintances or businesses. Be suspicious and never reveal account or personally identifiable information.
  • Switch it up. Where passwords are your only choice, use a passphrase technique such as taking the first letter of an easy-to-remember phrase AND use different ones for different sites.
  • Take advantage. Always take advantage of advanced security controls offered by online providers. So many online thefts can avoided.
  • Go mobile. To access online services, consider downloading and using mobile applications from legitimate app stores (i.e., no jailbreaking) versus traditional PC browsers.

Employers & Service Providers

  • Secure in layers. Implement layered security controls for networks, employees and online customers. Perimeter security is just step No. 1.
  • Protect identities. Ensure identities are well protected with controls beyond username and passwords with some form of two-factor authentication that is dynamic in nature.
  • Go OOB. For higher-risk transactions, make sure they are confirmed on an out-of-band (OOB) channel to defeat malware that has initiated or modified transactions.
  • Be smart. Consider both security and usability when introducing controls — the technology exists.
Mike Byrnes

About

Entrust product manager Mike Byrnes has more than 20 years’ experience in product management and technology marketing with a focus on internet security and business communication systems. Mike drives product marketing for the Entrust IdentityGuard authentication platform with a significant focus on mobile solutions. In addition to mobile, his background covers identity and access management, fraud detection, malware protection, and email encryption solutions. Mike serves as vertical market prime for Entrust financial services segment, working with large banks across the globe to roll out solutions to their consumer- and corporate-banking client base.

Add to the Conversation