Advertisements on sites such as The New York Times, BBC and The Hill were altered to deliver readers “ransomware” by an unknown group of cybercriminals.
Known as “malvertising,” the attack is designed to exploit vulnerabilities on a user’s computer before encrypting their hard drive and demanding a bitcoin ransom in order to unlock it.
“If a user’s computer is vulnerable, the ad will download the Angler exploit kit and inject it into the webpage, providing the ransomware’s creators with the ability to lock the computer user’s files,” writes James Walker of Digital Journal.
As noted by internet security software company Malwarebytes, the malvertising campaign targeted some of the web’s largest news websites, which collectively reach billions of users.
“Out of the blue on the weekend we witnessed a huge spike in malicious activity emanating out of two suspicious domains,” writes the Malwarebytes Official Security Blog. “Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven’t seen in a while.”
According to Malwarebytes researcher Jérôme Segura, major advertisement networks targeted by the attack included Google, AppNexus, AOL and Rubicon.
Although ad-blocking is often viewed merely as a way to remove advertisements, such technology is increasingly becoming a necessary security tool.
While browser extensions such as “AdBlock” and “AdBlock Plus” are among the most popular, actions from both companies, which include not blocking all ads by default, have led many to choose more security-focused options.
“Instead of ABP, many users are now moving to uBlock Origin,” says security expert Andrew Case in his online security guide. “It provides the same benefits as Ad Block Plus without the potentially questionable business practices — and also without allowing paid advertisers to bypass the filters.”
Available for both Firefox and Chrome, “uBlock also has a number of other advantages, such as incorporating malware and spam domain filters as well as blocking WebRTC,” a feature in browsers which can inadvertently reveal the actual IP addresses of people using Virtual Private Networks (VPNs).
Users can also disable the tool on specific websites by clicking the large power symbol, allowing them to choose which news sites they wish to still support financially.
Late last year, other major websites including eBay and Weather.com were also hit with malvertising campaigns.