Major upgrade has been introduced to online advertising industry and hackers are taking advantage of it.
Advertisements. They are everywhere. They always have been. TV, Newspaper, magazines, any websites you visit, any games you play, and now many of the apps we tap or click on everyday show advertisements in all corners whether or not we notice them. Now, the new technology allows the advertisers to pinpoint their targets. So they don’t have to waste their money on less effective ad spaces, and we are shown more of what we are interested in. Clever, right? But how do they do it and why could this be another possible threat to us?
The recently introduced real-time bidding works the wonders in targeting the right potential customers. The bidding begins when a user visits a website and is triggered by various types of data such as the user’s demographic information, browsing history, or/and the user’s location. Advertisers can set the targets by different categories or even by a specific industry or a company. Instead of buying in bulks, real-time bidding is sold on a per-impression basis. Advertisers can set their maximum bidding amount or total budget and the autonomous bidding repeats among the bidders for each ad slot on every page. It is considered to be more effective and everyone seems to like the idea of being able to specify the viewers. When the bid is won, you earn the right to show the ad that redirects the viewer to the landing pages by a simple click.
The convenience of being able to sort the target is letting the hackers to choose their target with more accuracy.
Cybercriminals are known to have signed with ad brokers to participate in real-time ad bidding as the cost of winning a spot can be less than $1, insignificant amount compared to the damage they can do.
How do they qualify to put their ads out? Have a little cash? Check! Have a landing page? Check! You, too, are qualified! Once the bid is won, the ad is in the slot of the target’s favorite pastime readings, informative news feeds, work related articles, and social medias. These misleading ads supplied by hackers will redirect the viewers to compromised websites that often look legitimate and will infect the system with a malware.
One of the first reported cases involved a US defense contractor who was targeted for his personal interest. When he was visiting a popular website for his hobby, an ad popped up on his screen that struck his interest, which redirected him to a free hosting site with a malware.
The hackers were able to target a specific potential victim from gathering his data since third party advertising companies allow advertisers to host their own ad content to gather their own metrics on the ads. And the attacks just couldn’t be easier for the hackers as the ad companies allow the ads to automatically redirect visitors anywhere.