Online Mobile, Advertising Attacks Need Attention

The "multi-layered structure" of the online advertising industry and the rise in mobile phone use to search for information wherever/whenever requires companies across multiple industries to step up security precautions.

Stagefright, the latest security flaw to hit Android devices, apparently lit a light under Google's feet. The malware hid in video text messages, allowing criminals to smuggle the bug inside as many as 950 million handheld mobile devices to steal information.

Calling it the biggest security update in history, Google says it will begin rolling out fixes to protect Android users.

Unfortunately, Stagefright remains one of dozens of incidents to affect always-connected mobile users. In July, security researchers at Malwarebytes Labs uncovered a large malicious attack on Yahoo's advertising network.



What happens when technology on the mobile device initiates the search, rather than the user? While the increase in mobile use, including searches, continues to feed the possibility for cyber theft, there are so many more ways for thieves to access consumer data or spread viruses.

In terms of online advertising, Jerome Segura, senior security researcher at Malwarebytes Labs, says "the problem we face today is a direct result of the multi-layered structure of the online advertising industry."

Segura said ad networks cannot stop all malicious activity, but they can ensure that new advertisers are properly screened and go through a probation period before allowing them access to larger groups of ads or non text-based advertisements, because dynamic ads tend to be more risky.

"The screening process that applies between a major ad network such as Yahoo! Ads or Google's DoubleClick and one of their trusted partners does not necessarily propagate itself through to other third parties down below," Segura said. "In many 
malvertising attacks, a rogue advertiser is sometimes four to five levels removed from the original ad network because the ad space got resold multiple times."

Companies need to apply security screening and quality assurance at every layer of the advertising chain, no matter how big or small an ad agency to prevent these kinds of issues, Segura said.

Next story loading loading..