Malvertising Is Likely Coming to a Browser Near You

Cybercriminals are increasingly posting malicious ads on legitimate websites to obtain data and spread malware. Discover how malvertising works and what you can do to protect your business from it. 

Cybercriminals do not take holidays off — in fact, they often use them to their advantage. That's how a group of hackers celebrated President's Day in the United States. They launched a massive malicious advertising (malvertising) campaign that involved more than 800 million ad impressions on legitimate websites between February 16-19, 2019, according to Confiant security researchers. The ads were designed to trick users into entering personal and financial information in order forms for fake products.

A Serious Problem

Malvertising is a serious problem. Avast notes that it is one of the top five endpoint threats affecting small businesses. That's because cybercriminals are increasingly posting malvertising on legitimate websites in order to:

  • Obtain sensitive data. Like in the President's Day campaign, hackers use malvertising to obtain sensitive data, such as payment card or bank account information.
  • Deliver exploit kits. These kits are designed to find known vulnerabilities in systems. If a vulnerability is found, it is used to install malware or carry out other types of malicious activities.
  • Deliver malicious payloads directly. Pop-up ads, for example, can deliver malware as soon as they appear or after people click the "X" button to close them.

The Devious Ways in Which Malvertising Works

To understand how malvertising works, you need to know how web browsers render web pages. When you visit a web page, your browser automatically receives the page's content so it can display the page. So, for example, when you visit your favorite business news website, all the articles, pictures, ads (malicious or not), and other elements on the page are automatically sent to your browser.

What the malvertising does next depends on whether it includes malicious code. For instance, suppose hackers want to deliver an exploit kit. One way they can do this is to create ads that try to lure you into clicking a link. The ad itself does not contain any malicious code. However, if you click the link, you will be sent to a server that delivers an exploit kit. If the kit finds a vulnerability, it is used to install malware on your device.

Even worse, some malicious ads deliver exploit kits without you doing anything other than going to your favorite website. In this case, the malvertising contains code that automatically redirects your browser to a server, which delivers the exploit kit. The redirection occurs behind the scenes, without you clicking a single link.

How Hackers Get Malicious Ads on Legitimate Websites

Hacking into legitimate websites and inserting malicious ads is a lot of work. That's why cybercriminals typically pose as businesspeople to get their malvertising online. This ruse is successful because there are many different ways to get ads on websites (e.g., through advertising agencies, using advertising networks) and there is no standard vetting process. The groups involved in getting ads often do not request much information from the people submitting them. Plus, while some groups check ads before accepting them, others do not.

Even if the ads are checked, hackers find ways around the screenings. For example, sometimes they submit their ads with the malicious code disabled and then enable it after the ad is accepted and put online. In addition, hackers often remove the malicious code from their ads shortly after they are posted to make it more difficult to detect and track their attacks.

How to Protect Your Business

While the digital ad industry knows about malvertising and is taking steps to mitigate the problem, it will be awhile before these ads are no longer a threat. Thus, you need to proactively protect your business. Here are some of the measures you can take:

  • Educate employees about malvertising. Be sure to discuss the dangers of clicking links in ads, as the ads might be malicious.
  • Tell employees about the dangers of allowing pop-ups and redirects. Most modern web browsers block pop-ups and redirects by default, but this functionality can be manually disabled. Let employees know this is dangerous since malvertising sometimes uses both pop-ups and redirects. Similarly, let them know they should not enable web content that has been disabled by their web browsers or security software, as it might contain malicious ads.
  • Uninstall browser plug-ins and extensions not being used. This will reduce the computers' attack surface. For the plug-ins and extensions being used, consider configuring web browsers so that plug-ins and extensions are automatically disabled but can be manually enabled on a case-by-case basis.
  • Update software regularly, including browser plugins and extensions. Exploit kits look for known vulnerabilities in software. Patching these vulnerabilities helps eliminate entry points into devices.
  • Install ad blockers. Ad blockers remove or modify all ad content on web pages. However, they might unintentionally block non-ad content, causing a web page to display improperly or not at all.

We can help you develop a customized strategy to protect your business's devices from malvertising and other types of cyberattacks.


How the Models in the Samsung Galaxy S10 Series Stack Up

Samsung is launching four models of its flagship smartphone, the Galaxy S10. Discover when these smartphones will be released and how they differ from each other.

The Galaxy S10 (standard model), Galaxy S10+ (deluxe model), and Galaxy S10e (entry-level model) are expected to arrive in stores on March 8. Samsung will also be releasing its first 5G-ready phone, the Galaxy S10 5G, but it won't be available until the second quarter of 2019.

So, if you are in the market for a new Galaxy S phone, you have several choices. Here are some considerations to keep in mind when deciding which model would work best for you.

What the Galaxy S10 Models Have in Common

All four of the Galaxy S10 models ship with the Google Android Pie (version 9.0) operating system. The hardware powering this software is either the Qualcomm Snapdragon 855 processor (United States and China) or Exynos 9820 (Europe and India). Other features that the S10, S10+, S10e, and S10 5G share include:

Edge-to-edge display.One of the first things people notice about the Galaxy S10 phones is their edge-to-edge displays. To maximize the size of the phones' screens, Samsung trimmed the bezels and eliminated the selfie camera notch at the top. All the phones have Dynamic AMOLED Infinity-O displays. Samsungtouts that this type of screen reduces harmful blue light without changing the onscreen colors when the phones are being used in the dark.

Dedicated neural processing unit (NPU).For the first time, the Galaxy S phones have a dedicated NPU for artificial intelligence (AI) tasks. As a result, AI tasks are expected to run seven times faster in the Galaxy S10 models compared to their predecessors. The NPU uses machine learning, which enables the devices to recognize patterns, learn from experience, and make predictions.

Bixby. While the Bixby virtual assistant is not new to the Galaxy S10 models, it does have a few more tricks up its sleeve. For starters, the virtual assistant now includes Bixby Routines, which learn your habits in order to predict your needs and provide personalized recommendations. In addition, Bixby can connect to Galaxy Buds, Samsung's new wireless earbuds. Because of this connection, you can make calls and send texts from your earbuds using voice commands. Bixby also connects with Samsung's new Galaxy Watch Active smartwatch.

Wireless PowerShare. The new Wireless PowerShare feature lets you use a Galaxy S10 phone to charge other devices, such as Galaxy Buds, Galaxy Watch Active, and smartphones that support WPC Qi wireless charging. All you need to do is plug in the S10 phone, lay the phone down backside up, and place the other device on top of the phone.

Headphone jack.Unlike Apple's iPhone XS series, all four models of the Galaxy S10 have a headphone jack in case you do not want to use Galaxy Buds or some other type of wireless headphone. This seemingly insignificant feature is a big deal to many smartphone users.

How the Galaxy S10 Models Differ

There are many ways in which the four Galaxy S10 models differ from each other. Perhaps the most obvious difference is that the S10 5G is 5G ready, while the S10, S10+, and S10e do not support this new wireless networking technology. Other notable differences include:

Display size and type. Not surprisingly, the higher-end Galaxy S10 phone models have larger screens and better resolutions than the lower-end models. For example, the S10e has a 5.8-inch Full HD+ display, whereas the S10+ has a 6.4-inch QHD+ display, as Table 1 shows. QHD+ displays are longer than typical phone screens, which gives the appearance of a widescreen.

Table 1: Comparison of Features in the Galaxy S10 Models


Table 1: Comparison of Features in the Galaxy S10 Models

S10e S10 S10+ S10 5G
Display size 5.8-inch flat display 6.1-inch curved edge display 6.4-inch curved edge display 6.7-inch curved edge display
Display resolution Full HD+ Quad HD+ Quad HD+ Quad HD+
Display pixels per inch (PPI) 438 550 522 505
Fingerprint scanner Capacitive scanner on the power button Ultrasonic scanner built into the display Ultrasonic scanner built into the display Ultrasonic scanner built into the display
RAM options 6 GB or 8 GB 8 GB 8 GB or 12 GB 8 GB
Storage options 128 GB or 256 GB 128 GB or 512 GB 128 GB, 512 GB, or 1 TB 256 GB
MicroSD card slot Yes Yes Yes No
Fingerprint scanner Capacitive scanner on the power button Ultrasonic scanner built into the display Ultrasonic scanner built into the display Ultrasonic scanner built into the display
Front cameras Selfie Selfie Selfie and RGB depth-sensing Selfie and 3D depth-sensing
Rear cameras Wide angle and ultra-wide Wide angle, ultra-wide, and telephoto Wide angle, ultra-wide, and telephoto Wide angle, ultra-wide, telephoto, and 3D depth-sensing
Dual SIM option Yes Yes Yes No
Battery size 3,100 mAh 3,400 mAh 4,100 mAh 4,500 mAh
Base price Starts at $750 Starts at $900 Starts at $1,000

 

Fingerprint scanner.Samsung has replaced Galaxy S9's iris scanner with a fingerprint scanner in Galaxy S10. While the S10e has a conventional capacitive fingerprint sensor on its power button, the other three S10 models feature an ultrasonic fingerprint scanner that is built into the display. The ultrasonic scanner captures 3D images of fingerprints, making it much harder for thieves to deceive this authentication system using a 2D picture.

Memory and storage.The memory and storage options for each of the S10 models vary, as Table 1 shows. The S10, S10+, and S10e have a MicroSD card slot, so they can support up to an additional 512 GB of storage.

Cameras. Samsung is known for its smartphone cameras, and the Galaxy S10 models do not disappoint. The number of cameras found in each model ranges from three in the S10e to six in the S10 5G. Table 1 lists each model's cameras.

The Bottom Line

The Galaxy S series has been around for nearly a decade, so the phones have many features and capabilities to offer. However, the phones are not cheap. The pricing starts at $750 for the S10e, $900 for the S10, and $1,000 for the S10+. (Samsung had not yet released the price for the S10 5G at the time of this writing.)

If you are interested in a 5G-ready phone, you will probably want to wait until the Galaxy S10 5G is released. The S10 5G will work with 4G LTE networks as well, according to experts. If the 5G feature does not interest you, you still have the Galaxy S10, Galaxy S10+, and Galaxy S10e from which to choose. If you have questions about any of these models, contact us.