Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Popular English-Language Israeli News Sites Hit by Malvertising Attack

Visitors of two well-known English-language news websites based in Israel could have had their computers infected with malware after cybercriminals managed to hijack the digital ads being served on the site.

Visitors of two well-known English-language news websites based in Israel could have had their computers infected with malware after cybercriminals managed to hijack the digital ads being served on the site.

Researchers at Malwarebytes noticed earlier this week that the websites of The Times of Israel and The Jerusalem Post had been serving malicious ads as part of a malvertising campaign that appears to involve several threat actors.

The malicious advertisements have been set up to redirect unsuspecting users to a page hosting the Nuclear Exploit Kit, which was recently spotted in an attack leveraging Facebook and the online magazine AskMen. Nuclear EK exploits Flash, Adobe Reader and Internet Explorer vulnerabilities in an effort to push malware onto victims’ computers.

In the attack affecting The Times of Israel and The Jerusalem Post, the cybercriminals were attempting to distribute a piece of malware detected by Malwarebytes as Trojan.Agent.BPEN. This is actually a threat of the Zemot family, which is designed to download other pieces of malware onto infected machines, including the information-stealers Zeus and Kuluoz. It’s worth noting that most of the readers of these news websites are located in the United States, according to statistics from SimilarWeb.

Malvertising campaigns are becoming more and more common and have hit a large number of high-profile websites recently. An operation analyzed recently by Cisco affected the websites of Amazon, Yahoo, WinRAR, and YouTube and targeted both Windows and Mac users.

In a blog post published on InfosecIsland on Thursday, RiskIQ CEO Elias Manousos warned that malvertising not only exposes users to fraud and personal data theft, but also damages brand equity and customer loyalty. The expert said a single malvertising campaign can affect more than 10% of the Web’s top 1,000 most visited sites.

“The malvertising problem stems from that fact that when an organization places an online advertisement it is typically placed by an ad network. Often, ad networks will resell unfilled ad spaces to other networks — basically doing anything to avoid unused real estate. Meanwhile, an ad is typically sent directly from the servers of the ad network that inherits the space, and are out of the advertising organization’s control,” Manousos said.

“This multi-level online advertising supply chain has any number of weak links that an attacker can exploit to slip malware into legitimate ads or even take out their own ads. Advertiser vetting by the ad networks is usually limited to the credit checks needed to assure payment for ad placement. There are no integrated controls, industry-enforced standards, or end-to-end accountability across the supply chain.”

Advertisement. Scroll to continue reading.

 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...