Recent reports of popular internet browser and computer operating system ransomware targeting the former LulzSec, Hackers of Samreel, and Greek-based presidential candidate Yiannis Koutsomitis followed a near daily roundup of websites that have also fallen victim to the cyber epidemic that has claimed millions in advertising revenues.
Hackers could use DDoS attacks that overwhelm websites with junk traffic to create an ad fraud funnel, extending their profits.
In a cyber-espionage attack on Israeli and U.S. government agencies that compromised 59 million user accounts as well as the private data of major media companies, Israel’s Shin Bet cyber-crime unit also discovered a single campaign to infect marketing software for messaging platform Telegram.
Shutting down DoS attacks is much harder than shutting down ad fraud, but deploying web spam is more efficient for operators.
The malware also targeted the popular microblogging site Twitter and the popular video service Vimeo. Further details are being withheld until the victims have been informed. The malware could also hide within software running on many popular smartphones with advanced memory management and processor capabilities, including the iPhone and the Samsung Galaxy S8 and S9.
The campaign was discovered in August of last year when Microsoft found the malware’s code was still running on the computers of cyber criminals, who were using it to spread ransomware.
“After recovering malware code that appears to be from this campaign, we believed it was still relevant to understand how it was stolen,” Matt Thomlinson, a Microsoft corporate vice president wrote in a blog post.
The campaign would exploit a flaw in the popular electronic mail software Avast Mail. Users who visited ads.rice.com, a popular automated ad delivery service that targets Roku streaming devices, were redirected to malicious websites in an ad fraud scheme. The same technique was used to distribute ransomware across financial information databases in the attack on the public-facing websites of government agencies, an attack that first appeared in Israeli government networks last year.
“Although we have established that the malware has largely been removed from the network by December, the team is now continuing to investigate what remained on what machines, including other potentially compromised websites. It is our belief that there are additional vulnerabilities in this threat that have not yet been discovered.”
Apple iPads and the Amazon Kindle Fire tablet were infected with an updated version of the ransomware that was delivered in place of security updates when users first reloaded their devices.
The ad fraud campaigns represent one of the most coordinated cybersecurity attacks to date. Over the summer, cyber criminals with suspected links to the Syrian government took control of more than 250,000 internet routers in Ukraine. The compromised routers were used to distribute malicious software, which had infected thousands of corporate networks and personal computers through a spam campaign.
The botnet was responsible for stealing more than $100 million in ad revenues between 2013 and 2017.
Because DDoS attacks are more difficult to counter, ad fraud seems to be the more efficient and less costly option for cybercriminals, one that distracts businesses and digital marketers from the potential consequences of being hacked.
The ad attack was part of a distributed denial of service (DDoS) attack that took down state-run television stations in Egypt as well as locally operated websites in the Gulf region.
“The malware scheme was applied to internet-based media publishing properties,” Ori Nir, the principal security researcher from SpiderLabs, said in a statement, “and involved stealing vast quantities of web content with malware-infected denial of service [DDoS] attack tools.”
Compromised websites and their contents were then distributed to online marketing platforms as part of a network infection.