Certain types of websites are known to contain malware and carry a high risk of infecting visitors. Video streaming websites, those providing adult content, and sites run by individuals who lack an understanding of basic security controls. However, it is not only these websites that carry a risk of infecting visitors with malware. Even large sites – we are talking Yahoo and YouTube here – have allowed malware to be installed. How is this possible with websites that generate huge revenues can also be infected?
The problem is not the websites themselves, but the content that is displayed on them. Malware is delivered indirectly, via the ad networks site owners sign up to or fail to block. There are a lot of unscrupulous advertisers out there, and many do not vet their customers very well. Some ad networks allow anyone to sign up. They also serve just about any kind of advert, even those containing malware or malicious links. Any visitor to those sites could potentially have their device infected. If one of those visitors is an employee of yours, your network could be in serious trouble.
Ad networks can allow malware to be delivered to users’ devices
An advert on a website could direct the visitor to a phishing website or one that contains multiple pieces of malware. That is not to say that the advertisers are deliberately phishing for information or want to infect visitors. They may not even be aware that their websites have been hijacked by hackers.
Advertising is often a necessary evil to make websites profitable. Without advertisers, many websites would simply go out of business. To generate revenue, site owners place code on their websites that third party servers can access. Adverts are then shown to visitors to that website via text, image, or even video ads. Those third party servers potentially syndicate adverts to tens of thousands of websites, including many legitimate and well known websites.
With the potential to send adverts to so many websites, ad networks are frequently targeted by cybercriminals. If they are successful, their malware can be very quickly syndicated and placed in front of tens or hundreds of thousands of individuals. In some cases, millions.
You may have even seen some of these adverts. Have you been served an advert that tells you that your system requires an urgent update? Your JavaScript is out of date? You can only view the content on the website if you download this security patch? A high percentage of these adverts are fake, and will install malware or malicious code on your computer.
Even if the ads direct you to a legitimate website, they often result in pop up browser windows being launched which can slow down your computer. Those pop ups may also contain links to many dangerous websites.
As a system administrator do you want your company’s employees to be presented with adverts telling them to update their software themselves?
What can IT managers do to prevent networks being compromised by employees
Recent research conducted by Cisco Systems has revealed that employees and other Internet users are much more likely to suffer a malware infection as a result of shopping online at legitimate websites than they are by visiting file sharing websites. How much more likely? 21 times apparently, according to Cisco Systems researchers.
Hackers often target industry and business websites and infect them with malware. This is because business network infiltration can be extremely profitable. These websites are often targeted through the ad networks they use to generate additional revenue from their sites.
As an IT Manager you will be expected to protect your network from malware. Due to the high risk of third party ads serving malware, is the answer to block all third party adverts from being displayed? Many IT security pros do just that, and block adverts. These individuals believe there is actually no benefit at all to be gained from allowing the adverts to be shown. They just add an unnecessary risk to surfing the Internet. They also waste bandwidth and employees time.
Blocking third party adverts from being displayed is straightforward. A firewall policy can be introduced to prevent the adverts from being displayed. This functionality is also included with WebTitan’s enterprise content filtering solutions. With the latter, certain types of website can also be blocked to protect employers and employees. It is also possible to block adverts and even apply specific controls for certain groups of users or even individual employees.
You may feel ad blocking is an unnecessary restriction and would prefer to instruct members of staff not to click on the website adverts. Unfortunately, there will always be one employee who breaks the rules and that could result in malware being delivered. Are you prepared to take that risk?