Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware.
This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites.
However, that is not the only security risk. When the malware infects a browser, it changes how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties from eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection.
When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.
Lenovo laptops were pre-installed with ad injection software
A user could potentially avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”, in this case by Lenovo itself. The company has been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.
Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo computer with Superfish installed cannot be used to securely browse the Internet. On an open Wi-Fi network, even a secure website such as an online banking site would not be secure.
Anyone not wishing to lose their privacy could uninstall Superfish. Unfortunately, if the software is uninstalled the security hole remains. The owner of the laptop will be permanently at risk of having their privacy violated and their internet surfing monitored. This is a problem for any employer allowing Lenovo laptops to be used for BYOD.
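One way to check a Windows laptop for the leftover root certificate described above, as an added example that is not part of the original article or any vendor tool. The function name `Find-InjectorRootCert` is hypothetical, and the script assumes the certificate's Subject or Issuer contains the string "Superfish".

```powershell
# Added example: audit the Windows trusted-root stores for a leftover
# ad-injector root CA after the software itself has been uninstalled.
# Assumption: the certificate's Subject or Issuer contains "Superfish".
function Find-InjectorRootCert {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Name fragments to search for (assumed; extend as needed).
        [string[]]$NamePattern = @('Superfish'),
        # Trusted-root stores to check: machine-wide and per-user.
        [string[]]$Store = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        # Also delete matches (requires elevation for LocalMachine).
        [switch]$Remove
    )

    # Escape each fragment so it is matched literally, then OR them together.
    $regex = ($NamePattern | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($path in $Store) {
        foreach ($cert in (Get-ChildItem -Path $path -ErrorAction SilentlyContinue)) {
            # -match / -notmatch are case-insensitive by default.
            if ($cert.Subject -notmatch $regex -and $cert.Issuer -notmatch $regex) { continue }

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                # True if this store also holds the CA's private key.
                HasPrivateKey = $cert.HasPrivateKey
            }

            $target = "$path\$($cert.Thumbprint)"
            if ($Remove -and $PSCmdlet.ShouldProcess($target, 'Remove trusted root certificate')) {
                Remove-Item -Path $target
            }
        }
    }
}

# Report only. An empty result means no matching root is trusted in these stores.
$found = @(Find-InjectorRootCert)
$found | Format-Table -AutoSize
if ($found.Count -gt 0) { Write-Warning "$($found.Count) matching root certificate(s) still trusted." }
```

Running `Find-InjectorRootCert -Remove` from an elevated prompt asks for confirmation before deleting each match; add `-WhatIf` to preview the removals first.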
Google takes action to protect Chrome users
This type of “malware” is not new, of course. The problem is the number of new applications and browser extensions that allow this form of advertising. Google has recently removed approximately 200 Chrome extensions from its web store that are capable of injecting ads into otherwise secure sites. Unfortunately, Google has discovered approximately 34,000 standalone applications that are able to inject ads when users browse the internet. There are approximately 50K Chrome extensions that allow ad injection, according to Google researchers.
The solution for now, for employers at least, is to ensure that they do not use open Wi-Fi networks in the workplace. This will prevent any eavesdropping even if a user’s browser has been infected. BYOD participants should be instructed on the risk of using open Wi-Fi networks and told never to use their devices to access work accounts using public Wi-Fi hotspots.