Hackers strike defense companies through real-time ad bidding

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2835215/data-protection/hackers-strike-defense-companies-through-realtime-ad-bidding.html

By Jeremy Kirk
IDG News Service
Oct 17, 2014

A major change this year in how online advertisements are sold has been 
embraced by hackers, who are using advanced ad-targeting capabilities to 
precisely deliver malware.

Security vendor Invincea said it has detected many instances of people 
within defense and aerospace companies stumbling across malicious 
advertisements that are shown only to them, a scheme it calls "Operation 
DeathClick." A white paper on the scheme will be released Friday.

The cybercriminals are taking advantage of a sea change in the online 
advertising industry, which has mostly stopped selling "bulk" user 
impressions and moved to real-time bidding for advertisements that are 
highly targeted, said Patrick Belcher, director of malware analysis at 
Invincea, in a webinar presentation Thursday.

Web advertisements are sold to the highest bidder on online exchanges by 
buyers who can specify who the ad is shown to by IP address range, region, 
industry vertical or even just by specific corporations.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/