CISA Recommends Federal Agencies Consider Deploying Ad Blocking Technologies

In a recently released Capacity Enhancement Guide, the U.S. Cybersecurity & Infrastructure Security Agency recommended that federal agencies consider deploying ad-blocking technologies to reduce the potential impact of malvertising.

WHAT IS MALVERTISING

Malvertising is the use of malicious or hijacked website advertisements to spread malware and is a significant vector for exploitation. It bypasses built-in browser protections against pop-ups and forced redirects and inserts malicious ads into legitimate ad networks. These ads spawn a forced redirect or load a payload for malicious purposes. Adversaries can use carefully crafted and tailored malicious ads as part of a targeted campaign against a specific victim, not just as broad-spectrum attacks.

. . .

Deploy Advertising Blocking Software

An additional measure is to implement advertisement blocking. In most cases, this solution is generally more complex and expensive to implement than browser standardization. Ad-blocking software prevents advertisements from displaying or removes different types of ads (e.g., popups, banner ads) when a user visits a website or uses an application. This software reduces a user’s risk in receiving malicious ads or being redirected to malicious websites. One common ad-blocking technique is the use of web browser extensions that enable a user or agency to customize and control the appearance of online ads. CISA encourages agencies to evaluate solutions that would enable malicious ad blocking.

Note: ad-blocking browser extensions operate with high levels of privilege and have access to all data traffic between the client and the network, allowing them to collect data or perform other potentially malicious actions. Additionally, some browser extensions are known to accept payment from advertisers to ensure their ads are allowlisted from blocking.
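The caveat in the note above can be checked before an extension is approved for deployment. The following is an added example, not taken from the CISA guide or the original post: it reads a Chrome-style extension `manifest.json` and reports whether the extension requests access to every site together with APIs that can observe or intercept requests. The two sample manifests and the `needs_review` rule are constructed for illustration.

```python
import json

# Extension APIs that can observe or intercept requests on hosts the extension can reach.
OBSERVE_APIS = {"webRequest", "webRequestBlocking", "proxy", "debugger"}
# Match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not real extensions).
SAMPLE_MV2 = json.dumps({
    "name": "Example Blocker A", "manifest_version": 2,
    "permissions": ["webRequest", "webRequestBlocking", "<all_urls>", "storage"],
})
SAMPLE_MV3 = json.dumps({
    "name": "Example Blocker B", "manifest_version": 3,
    "permissions": ["declarativeNetRequest", "storage"],
    "host_permissions": [],
})


def is_host_pattern(value):
    """True for match patterns such as <all_urls> or https://*.example.com/*."""
    return value == "<all_urls>" or "://" in value


def audit_manifest(manifest_text):
    """Summarise how much reach an extension manifest requests."""
    m = json.loads(manifest_text)
    perms = list(m.get("permissions", [])) + list(m.get("optional_permissions", []))
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = [p for p in perms if is_host_pattern(p)]
    hosts += m.get("host_permissions", []) + m.get("optional_host_permissions", [])
    for script in m.get("content_scripts", []):
        hosts += script.get("matches", [])  # injected scripts can read page content
    apis = sorted(set(perms) & OBSERVE_APIS)
    broad = sorted(set(hosts) & BROAD_HOSTS)
    return {
        "name": m.get("name", "?"),
        "traffic_apis": apis,
        "broad_hosts": broad,
        "all_sites_access": bool(broad),
        # Assumed policy: flag all-site reach combined with request interception.
        "needs_review": bool(broad) and bool(apis),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_MV2, SAMPLE_MV3):
        print(audit_manifest(sample))
```

An extension that passes this check can still be allowlisting paid ads, which the manifest does not reveal; that part of the note has to be assessed from the vendor's published policy.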

CISA Releases Graphic Novel About Deep Fakes

The U.S. Cybersecurity and Infrastructure Security Agency released a graphic novel called “Real Fake” (12 MB PDF) covering deep fakes. It includes some background about deep fakes, as in the panels below, sandwiched within a story about a couple of young activists trying to expose a deep fake disinformation campaign.

CISA Resilience Series: Real Fake