Readers of Mail Online, the internet site of the Daily Mail and the world’s most popular online newspaper, have been exposed to a ransomware scam perpetrated via its advertising network.
The attackers used the Angler Exploit Kit to snare victims, seeking to take advantage of security flaws in Microsoft’s Internet Explorer web browser and (all together now) Adobe Flash.
The attackers were able to gain access to the website via its automated advertising platform, which effectively sells advertising space to the highest bidder on an almost minute-by-minute basis.
The attack was uncovered by anti-malware software company Malwarebytes and was blocked only after the company notified the publisher.
“Malvertising has been one of the main infection vectors and continues to affect large publishers and ad networks through very distinct campaigns, very much like a whack-a-mole game,” warned Malwarebytes in a blog post revealing the attacks.
It continued: “In addition to spreading via compromised websites, Angler EK leverages malvertising thanks to several different threat actors who use clever ways to go undetected as long as possible or are able to quickly adapt and get back on their feet if one of their schemes gets too much attention and is disrupted.”
The Daily Mail’s online advertising system runs on Microsoft’s Azure cloud service, and serves up adverts to more than 150 million visitors every month.
It is not the first time that advertising networks have been compromised by hackers looking to attack PCs by exploiting, in particular, security flaws in Adobe Flash and popular web browsers. Other publishers and websites affected by such attacks, dubbed “malvertising”, include The New York Times, Spotify and the London Stock Exchange.
Users are advised to keep key online applications – web browsers and common Adobe plug-ins – patched and up to date, with such plug-ins set to click-to-play rather than to play automatically.
The rise of malvertising is one of the reasons behind the renewed popularity of apps that can block online advertising.