{"id":18949,"date":"2021-08-09T22:14:48","date_gmt":"2021-08-09T22:14:48","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=18949"},"modified":"2021-08-09T22:14:48","modified_gmt":"2021-08-09T22:14:48","slug":"malvertising-campaign-targets-iot-devices-geoedge","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/malvertising-campaign-targets-iot-devices-geoedge\/","title":{"rendered":"Malvertising Campaign Targets IoT Devices: GeoEdge"},"content":{"rendered":"

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers.<\/p>\n

The executives said the \u201cmalvertising\u201d campaign \u2013 which was uncovered by GeoEdge\u2019s security research team with AdTech partners InMobi and Verve Group \u2013 came out of Ukraine and Slovenia and reached as far as the United States, though CEO Amnon Siev it has since been contained.<\/p>\n

With many people still working from home<\/a> due to the global COVID-19 pandemic, an attack on IoT devices connected to home networks pose a threat to organizations whose employees may be doing their work on those same home networks, Siev told eSecurity Planet<\/em>. And with many IoT devices unprotected<\/a> during the pandemic, the potential for an attack is substantial.<\/p>\n

\u201cThe new vector reveals browsing the web on the Wi-Fi network may open a gate to IoT attacks, which may have many impacts, including attacking enterprises,\u201d he said.<\/p>\n

Malvertising is Evolving<\/h2>\n

According to GeoEdge, the widely distributed attack is an escalation in malvertising campaigns, where malware<\/a> is spread via the injection of malicious code into online display ads through online ad networks and passing that code into connected devices.<\/p>\n

This new campaign is the first to use online ads to silently install apps on home network-connected IoT devices. The attackers don\u2019t need to be particularly skilled to pull off such an attack, according to GeoEdge officials. They essentially need a basic understanding of device API documentation, some capability with JavaScript and low-level online advertising skills.<\/p>\n

The IT industry and online advertising world can expect similar attacks to follow a similar pattern, Siev said, adding that it represents the \u201cevolution of malvertising.\u201d The attack itself is low-cost with little sophistication. However, the distribution of the campaign is broad, which means the impact is high, he said.<\/p>\n

As with most malvertising campaigns, the ad networks were generally unaware about the malicious content. With this attack, end users targeted by the attack didn\u2019t have to click on the infected ad or navigate to a malicious web page to kick off the attack on the IoT devices. In most ways, the attack followed traditional malvertising means, Siev said.<\/p>\n

\u201cThis malicious campaign displays a fake Nike ad to the end user, but it also contains additional \u2018fingerprinting\u2019 code that is used to verify that it executes on an actual mobile device, in order to identify and hide from automated security scanning tools that are often used by security researchers,\u201d he said. \u201cOnce it identified such tools, it hides the malicious payload via cloaking to camouflage [itself and] appear as a benign, legitimate ad.\u201d<\/p>\n

An Attack by a Criminal Ring<\/h2>\n

The CEO said the attacks were launched by a criminal ring rather than a state-sponsored group, though he didn\u2019t identify the name of the group. GeoEdge also couldn\u2019t say how many victims there were or what kinds of IoT devices were being attacked.<\/p>\n

Siev also couldn\u2019t say exactly what the attackers were looking for or how they were manipulating the devices but did say that generally bad actors target IoT devices to either steal personal information or money like credit card numbers and to manipulate home systems like gates, safes and door locks. They also may sell the personal data they find on the dark web.<\/p>\n

IoT a Security Concern<\/h2>\n

The IoT for years has worried security professionals, who see it as greatly expanding the attack surface. The devices can range from the smallest sensors to machines on factory floors and include both consumer and corporate machines. Device developers at times will spend their money on features rather than security and the data on the devices often move between the devices and the cloud or on-premises data centers.<\/p>\n

IoT device security has also attracted the attention of federal government officials (see The IoT Cybersecurity Act of 2020: Implications for Devices<\/a>).<\/p>\n

Cisco Systems is predicting that by 2023, there will be almost 30 billion connected devices and network connections, a rise from 18.4 billion in 2018. Of those, almost half \u2013 14.7 billion \u2013 of network devices will be IoT devices<\/a>, up from the 33 percent three years ago, Cisco officials said. That makes home and industrial IoT an attractive target for bad actors who want to leverage malvertising, according to GeoEdge executives.<\/p>\n

Will Get Worse Before It Improves<\/h2>\n

Simon Aldama, principal security advisor at IT services management company Netenrich, told eSecurity Planet<\/em> that the risks associated with IoT security currently will get worse before they get better. Too often manufacturers prioritize releasing their products to market and interface connectivity rather than effective controls, all of which is made more difficult by the weak implementation of IoT standards, frameworks and basic security in designs.<\/p>\n

Aldama also said that the threat to enterprises in work-from-home scenarios is \u201chugely significant.\u201d<\/p>\n

\u201cHome networks are unhardened, unsegmented, unmanaged, unmonitored and sometimes consisting of up to 70 devices with unpatched vulnerabilities available for exploitation,\u201d he said. \u201cOrganizations expect cyber campaigns to exploit soft targets such as these to disrupt operations and associated supply chains. The delivery of malicious code through advertising supply chains is an insidious attack spanning over the course of 15 years. Threat actors have the capability to silently exploit millions of user endpoints without interacting with web page elements to carry out attacks such as ransomware<\/a> delivery, identity theft, crypto mining or other forms of criminal monetization.\u201d<\/p>\n

Spending on Digital Display Ads Increasing<\/h2>\n

Online display ads likely will continue to be an attractive target to cybercriminals. According to eMarketer, total digital ad spending will reach $455.3 billion in 2021<\/a>, with 55.2 percent going to display advertising and 40.2 percent to search. The gap between the two ad models continues to tip in favor of display advertising, the firm said. Three years ago, there was only a 10 percent difference in spending between display and search ads. Helping to fuel the change are consumers increasingly embracing social media and digital video.<\/p>\n

\u201cThe consumer move to a preference for digital-first interactions will grow the potential threat landscape that can be targeted by attackers,\u201d Tyler Shields, chief marketing officer at JupiterOne, which offers cyber asset management and governance solutions, told eSecurity Planet<\/em>. \u201cMore apps, more data in the cloud, more digital experiences mean more targets of both opportunity and chance. There will be a continued increase in data compromise as we move more and more of our daily life into the cloud. We’ve really only just begun to see the expansion of digital experiences and the attacks that will grow alongside them.\u201d<\/p>\n

There are steps enterprises can take to reduce the risk presented by employees working on insecure home networks, Aldama said. They include allowing conditional access to corporate infrastructure to hardened devices issued by IT, updating work-from-home policies and procedures, and security awareness training for those working remotely. In addition, organizations can adopt Secure Access Service Edge (SASE) access methods.<\/p>\n

Ultimately, there\u2019s only so much that users can do, GeoEdge\u2019s Siev said.<\/p>\n

\u201cFor users, antivirus [and] firewalls are not sufficient,\u201d he said. \u201cResponsibility lies in the hands of website owners and ad platforms to integrate a real-time ad quality tool.\u201d<\/p>\n\n\n

\n \n\n \n\n
\n \n <\/path>\n <\/svg>\n <\/div>\n \n
\n
\n

\n Get the Free Cybersecurity Newsletter <\/h3>\n \n \n

\n Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday <\/p>\n <\/div>\n\n

\n
\n \n Email Address\n <\/label>\n \n <\/div>\n\n
\n
\n \n \n By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. <\/label>\n <\/div>\n <\/div>\n \n