A report published by the Digital Citizens Alliance coalition based in Washington D.C. in collaboration with White Bullet and Unit 221B details the activities of an “Unholy Triangle” of organizations that are working with cybercriminals to insert malware into what appears to be legitimate online advertising to the average user.
Known as malvertising, the report details how cybercriminals are working with entities that specialize in piracy to employ scare tactics and other techniques that, for example, facilitate campaigns involving misleading ads such as a false claim that the user has a computer virus. They are also coaching illicit actors on tactics to frighten or entice users to click on such ads.
The coalition specifically calls out advertising networks that are not vigilant about where they place ads and the type of advertising they accept for being complicit in distributing malware.
Digital Citizens Alliance worked with White Bullet, a provider of tools to combat piracy advertising, and Unit 221B, a provider of cybersecurity services, to analyze thousands of piracy sites, including well-known platforms such as Fmovies[.]to, Myflixer[.]to, and Dramacool9[.]co. The non-profit coalition of consumers, businesses, and Internet experts focused on educating the general public and policymakers has previously estimated piracy is a $2 billion-plus ecosystem fueled by illicit access to movies, TV shows, and live entertainment.
The collation is now estimating piracy operators are generating at least $121 million in revenues by injecting malware into advertising that contains ransomware, downloads spyware to track a user’s activities, seeks access to a user’s device to steal banking information, or simply flags the device for a future attack. More than half of the $121 million generated came from U.S. visits to these sites, the report noted. Digital Citizens Alliance also noted Americans who visit piracy sites are two to three times more likely to report an issue with malware than those who say they haven’t visited these sites.
Overall, malvertising accounts for 12% of the total ads on piracy sites, with nearly 80% of all pirate sites serving up an estimated 321 million ads containing malware. On average, one in six visits to a piracy site leads to an attempt to serve malware, according to the report.
Many cybersecurity professionals have long known how malvertising is used to distribute malware but the extent to which this attack vector is being employed shines a spotlight on how pervasive the issue has become. Organizations of all sizes should be applying more pressure on advertising networks that programmatically distribute advertising without any regard to the content included. There also needs to be more government oversight of how ad networks operate.
Obviously, there also needs to be a lot more education for end users that often don’t think twice about visiting a site that has been created for the express purpose of distributing malware. Cybersecurity professionals, of course, have been warning about fake sites for years now. The issue is with hundreds of millions of ads infected with malware being served up it only takes a few end users to make a mistake that unleashes havoc across an entire organization.