One of the main tactics cybercriminals use to install malware is malvertising – the display of malicious adverts on legitimate websites that send visitors to websites where malware is installed. The HookAds malvertising campaign is one such example, and the threat actors responsible for the campaign have been particularly active recently.
The HookAds malvertising campaign has one aim: to bring browsers to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor's computer is probed to determine whether there are any flaws – unpatched software – that can be exploited to silently download files.
In the case of the Fallout exploit kit, users' devices are checked for many known Windows flaws. If one is found, it is exploited and a malicious payload is installed. Several malware variants are currently being delivered through Fallout, including information stealers, banking Trojans, and ransomware.
According to threat analyst nao_sec, two different HookAds malvertising campaigns have been discovered: one is being used to deliver the DanaBot banking Trojan, and the other is delivering two malware payloads – the Nocturnal information stealer and GlobeImposter ransomware – through the Fallout exploit kit.
Exploit kits can only be used to deliver malware to unpatched devices, so companies will only be at risk from this web-based attack vector if they are not 100% up to date with their patching. Sadly, many companies are slow to apply patches, and exploits for new vulnerabilities are frequently added to EKs such as Fallout. Due to this, a security solution is required to block this attack vector.
HookAds Malvertising Campaign Emphasises Importance of a Web Filter
The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low-quality ad networks – those frequently used by owners of online gaming websites, adult sites, and other types of websites that should not be viewed by employees. While the site owners themselves are not actively engaging with the threat actors responsible for the campaign, the malicious adverts are still served on their websites along with legitimate ads. Luckily, there is an easy solution that blocks EK activity: a web filter.
TitanHQ has created WebTitan to allow companies to carefully manage employee Internet access. Once WebTitan has been installed – a quick and simple process that takes just a few minutes – the solution can be set up to quickly enforce acceptable Internet usage policies. Content can be blocked by category in seconds.
Access to websites that host adult and other NSFW content can be quickly and easily blocked. If an employee tries to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be advised why access has been prohibited.
WebTitan makes sure that employees cannot access 'risky' websites where malware can be installed, and blocks access to productivity-draining websites, illegal web content, and other sites that have no work purpose.
For more information on WebTitan and pricing, to reserve a product demonstration, or to register for a free trial, get in touch with the TitanHQ team now.