DEVCON’s 2019 Holiday Threat Report, released on Wednesday, illustrates how criminals use ad-based attacks and offers advice on what organizations can do to better protect themselves against these types of campaigns.
DEVCON defines an ad threat as the weaponization of advertising technology to spread malware, Trojan horses and other malicious attacks to consumers and to deceive marketers and publishers.
During the 2019 Christmas shopping season between Thanksgiving and Cyber Monday, the level of lower-risk digital advertising dropped to 0.07% from 1.25% in 2018, DEVCON said. However, the number of highly advanced attacks using this method increased. More than 60% of malicious advertising threats from this period came from highly advanced attacks such as Led Zelpdesk, Lucky Star, Avid Diva and Invisible Ink.
How cyber criminals target their victims
Cyber criminals use a few tactics to attack their victims:
- Misuse of a service provider's code. Bad actors create fake accounts with ad networks and use that company's ad tags to deliver exploits on websites without having to compromise the target company's servers.
- Partner exploitation. One type of attack that has surfaced is Magecart, which skims e-mail addresses, passwords and other sensitive data from online payment forms in an attempt to steal that information. To carry out these attacks, cyber criminals look at checkout and login pages to find external partners that can easily be compromised. The attackers then implant malicious code into those pages to collect the sensitive data as it is entered on the form.
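From the defender's side, the partner-exploitation tactic above means every external script or frame on a checkout or login page is part of the attack surface. The following is an added example, not from the DEVCON report: it inventories external resources on a page and flags hosts that are not approved partners, plus approved scripts loaded without a Subresource Integrity `integrity` attribute. The host names, the allowlist and the function names are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page; "sha384-PLACEHOLDER" is not a real hash.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://tags.adnetwork.example/tag.js"></script>
<script src="//widgets.chat.example/loader.js"></script>
</head><body>
<form action="/pay"><input name="card"></form>
<iframe src="https://cdn.payments.example/frame.html"></iframe>
</body></html>
"""

class ExternalResourceAudit(HTMLParser):
    """Collect every <script>/<iframe> that loads from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.found = []  # (tag, host, has_integrity)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        attrs = dict(attrs)
        # hostname is None for inline scripts and same-site relative URLs
        host = urlparse(attrs.get("src") or "").hostname
        if host and host != self.page_host:
            self.found.append((tag, host, bool(attrs.get("integrity"))))

def audit_page(html, page_host, approved_hosts):
    """Return (host, reason) findings that need a security review."""
    parser = ExternalResourceAudit(page_host)
    parser.feed(html)
    findings = []
    for tag, host, has_integrity in parser.found:
        if host not in approved_hosts:
            findings.append((host, "unapproved third party"))
        elif tag == "script" and not has_integrity:
            findings.append((host, "approved but no integrity hash"))
    return findings

if __name__ == "__main__":
    approved = {"cdn.payments.example", "widgets.chat.example"}
    print(audit_page(SAMPLE_CHECKOUT_HTML, "shop.example", approved))
```

Scripts that a partner injects at runtime do not appear in static HTML, so a check like this covers only what the page itself references.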
“While these less advanced hackers are being excluded from the ad threat game, the more advanced bad actors are not only becoming more covert in covering up these attacks, they have escalated the types of exploits, broadened the attack surface and are not limiting these attacks to the ad tag scripts,” said DEVCON CEO Maggie Louie in a press release. “The real risk is data breaches, which can lead to huge fines under the new regulations. Advertising threat is a security gap that should not be managed by marketing teams, just like phishing attacks by email marketing teams. Threats must be managed and monitored by security teams.”
How to protect your organization
- Perform an annual penetration test. Use an independent security company to perform an annual penetration test to detect any gaps in your security model. If you move assets to the cloud, you must also determine whether you are working with the cloud provider under a shared security model, and you must be aware of your respective responsibilities.
- Expand your board. Consider appointing a CISO or CIO to sit on the board.
- Search for security risks. Regularly evaluate security risks and mitigation measures in all your departments and
- Look at your cyber security insurance. Check your cyber security insurance to make sure you have the right controls and mitigations to meet all your requirements.