A sea of malvertising troubles: it's time to take arms

After much anticipation, the Draft Investigatory Powers Bill was published last week, provoking mixed responses. While there was no outright ban on encryption (which, if there was, would have been almost impossible to enforce), internet service providers were instructed to store details of every website visited by users for twelve months at a time.

Meanwhile, data breaches continue to dominate headlines, with major companies – from Talk Talk to British Gas to M&S – having had serious flaws in their security systems exposed, with customer and staff files alike made public.

Most fitting, then, that Marcin Kleczynski – the 25 year-old founder and CEO of our cyber security client Malwarebytes – dropped by last week from the US to host a business roundtable discussion with a select few industry journalists. Principally, discussion was focused on the growing threat of malvertising, a type of online attack wherein malicious code hidden within an online ad infects computers with malware.

Damaging businesses and consumers alike, recent attacks on big names such as Yahoo and Match.com via ad networks exemplify the need to address this threat. Most perniciously, users don’t even have to click on the ad to get infected; all it takes is an out-of-date internet browser.

Photo: Katie White @ Osborne Clarke

Photo: Katie White @ Osborne Clarke

For close-up detail, Jérôme Segura – a senior security researcher and the mastermind behind discovering many attacks – joined Marcin via video link. Also in attendance was top cyber security legal expert Mark Taylor, Partner at Osborne Clarke, a firm renowned for its work in the tech space. By examining some of the legal issues surrounding malvertising, Mark shed new light on the topic. 

A pertinent issue for the Osborne Clark team, law firms are among the most heavily targeted institutions for cyber attacks due to their extensive range of personal and financial data on file. If successful, a malvertising attack could infect a legal professional’s computer with malware that encrypts all its data – a devastating blow for everyone involved (except, of course, the hackers).

Consequently, it has never been more important for people to arm themselves with a working knowledge of malvertising: from how it works to why it’s hard to catch – a single line of code is all it takes to create one malicious pixel – to protection. As it's dangerous to delay, get the facts today.

— Isabelle Dann @izzydann