Researchers at Devcon published a report on the analysis of malicious advertising. According to experts, most advertising campaigns target Windows users.
According to the report, 61% of malicious ads noticed between July 11 and November 22, 2019 targeted Windows users.Bad ad campaigns are targeting Windows more often than any other operating system. But should we be surprised?”, — question Devcon experts.
Reference:
A bad ad campaign is merely a series of online ads linked to a common threat set, designed to have a malicious effect on the end-user. These campaigns are designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware.
According to experts, the reason for such a high rate is the huge market share of Windows, so majority of malware in the last 30 years was intended for Windows devices.
Windows 10 has come a long way since 2015 and surpassed Windows 7 in the most used operating system category in the world. Popularity of the operating is a powerful motivator for bad actors. Why write an exploit that would only target a few users, when you can write one than can affect countless numbers of users?”, — say Devcon experts.
As has shown analysis of malicious campaigns, attackers are also actively interested in other OSs. In particular, over the past four months, a significant number of banner ads have been aimed at users of ChromeOS (22.5%), macOS (10.5%), iOS (3.2%), Android (2.1%) and iPadOS (0,8%). Linux users turned out to be the least attractive for malicious advertising, which accounted for only 0.3% of all banners.
If bad actors mainly focus on Windows, it stands it explains why they would have little time for Macs – or at least systems of machines that are owned by the average computer user. Some would also argue that Windows is not as secure as its competitors, an especially compelling argument while comparing with Linux operating system. Let’s not forget bad ad campaigns targeting a Linux OS are extremely rare. Granted, Linux devices are far fewer in number than their more mainstream counterparts”, — conclude experts.
Recall that earlier specialists from Confiant analyzed 120 billion malicious advertisements that forcibly redirected the user to malicious sites or loaded the secondary payload. In the third quarter of 2019, Scamclub, eGobbler, RunPMK, and Zirconium were responsible for majority of the malicious ads distributed through ad networks.
How to Protect Yourself? (Devcon experts’ recommendation)
Keep in mind online ads are built on JavaScript, and JavaScript is running on your machine. In other words, take precautions. Here are some necessary security steps to defend against bad ad campaigns:
- Use antivirus and ensure it is updated – It is called antivirus, but it protects against all forms of malicious software.
- If it sounds too good, don’t click it – It is called clickbait for a reason. It doesn’t just refer to cat videos and sensational headlines; it can also be catchy ads or ads indicating you won something.
- Clear your cache – Your browser’s cache knows a lot about you. Saved cookies, saved searches, and Web history could point to a home address, family information, and other personal data.
- Consider using browsers built for security.
- Say no to the ‘Save Password’ feature in browsers – It might be convenient, but opt for a password manager instead.
- If you see something, say something – If you are on a website and see a bad ad, report it to the site holder.
