Hackers use online ad bidding to target defence suppliers
17 Oct 2014
Hackers are using advanced ad-targeting capabilities to execute precise malware delivery, pcadivsor.co.uk reported.
It quoted security vendor Invincea, which said it had detected many instances of people within defence and aerospace companies in the last six months, stumbling across malicious advertisements that were shown only to them, a scheme it calls "Operation DeathClick."
Invincea sdaid on iots website, "Within the last six months, Invincea has discovered and stopped highly targeted malvertising attacks against companies in the Defense industry as part of an active campaign we have dubbed Operation DeathClick.
"While we have discovered these attacks across multiple Defense companies we expect it won't be long before other segments including Government, Financial Services, Manufacturing, and HealthCare are targeted with the same TTPs."
A white paper on the scheme, Micro-Targeting Malvertising via Real-time Ad Bidding is due to be released today.
Patrick Belcher, director of malware analysis at Invincea said in a webinar presentation yesterday that cybercriminals were taking advantage of a sea change in the online advertising industry, which had mostly stopped selling "bulk" user impressions and moved to real-time bidding for advertisements that were highly targeted.
Web advertisements are sold to the highest bidder on online exchanges by buyers who can specify to whom the ad would be shown by IP address range, region, industry vertical or even just by specific corporations.
Cybercriminals were taking advantage of that and were signing with ad brokers to participate in real-time ad bidding. They had to win a bid for the right to display an ad, but the cost could be as little as $0.65, according to Belcher.