A recent survey conducted by CensusWide for Menlo Security has revealed that one in three UK consumers believe that more than half of all advertisements on websites or social media platforms are generated by artificial intelligence (AI). While AI has undoubtedly transformed digital marketing and advertising by enabling organizations to improve productivity, enhance customer interactions, and make data-informed service enhancements, it also opens up opportunities for malicious actors.
Menlo Security, a leader in cloud security, predicts a major increase in “malvertising” due to the rising use of AI in digital advertising. Malvertising refers to a highly evasive threat where malware is embedded into online or social media ads. These malicious ads are typically served through legitimate advertising networks, making them difficult to detect for both internet users and publishers. Clicking on such ads puts users at risk of infection.
Malvertising attacks are complex and usually comprise several stages in the attack chain. Attackers often start by breaching a third-party server to inject malicious code into a digital ad, such as a banner ad or video. If a website visitor clicks on the corrupted code, malware is installed on their device or they are redirected to a malicious website. Exploit kits may also be used to survey a system and exploit vulnerabilities.
Awareness of malvertising threats remains low, with many consumers not realizing that they can be infected with malware by clicking on a brand logo. According to the survey, approximately 48% of respondents were unaware that they can be infected via a social media ad, while 40% didn’t know that they can be infected by clicking on pop-ups and banners. This lack of awareness is concerning given that an estimated one out of every 100 online ads is currently malicious.
The accessibility of malware-as-a-service and AI-generated text and images has made it easier for attackers with little or no skills to create convincing ads and powerful evasive malware. Menlo Security expects a significant increase in malvertising as more AI tools and software become readily available.
To avoid falling victim to malvertising, it is crucial for internet users to exercise caution when clicking on advertisements on any website, regardless of their trust in the site. Users should carefully check website URLs before clicking by hovering their mouse over the ad to ensure the displayed URL matches the expected domain. Checking the authenticity of the brand logo is also important, as malicious actors may copy logos but fail to adhere to branding guidelines, resulting in stretched, squashed, or pixilated logos.
Users should also consider the intent behind the advertisement. Legitimate brands often aim to increase brand awareness through ads, while malvertising campaigns are more direct, urging users to “click here” or “buy now.” Being cautious of redirections is crucial, as multiple ad clicks increase the chances of encountering malware.
Menlo Security’s research indicates that users are only 3-7 clicks away from encountering malware online, and the growing prevalence of AI-generated content will further fuel the threat of malvertising. Therefore, staying vigilant and following best practices is essential for staying protected.
In conclusion, while AI has revolutionized digital marketing and advertising, it has also opened up avenues for malicious actors to exploit users through malvertising. Awareness of the risks associated with malvertising needs to increase, and users should take a cautious approach to clicking on ads, regardless of the website’s credibility. By adopting best practices and staying vigilant, users can reduce the risk of falling victim to malvertising.