Malware variants such as ransomware and spyware have emerged as a growing threat to businesses operating in Latin America. A critical technique cybercriminals use to facilitate such attacks is malvertising, in which seemingly legitimate digital advertisements are embedded with malicious code. These malvertising campaigns redirect users to phishing websites and are frequently distributed through major search engines such as Google, Bing and Yahoo.
According to Appgate, over 1,300 malicious browser ads redirected users to phishing attacks in Latin America between October 2022 and April 2023. This type of cyberattack can deliver multiple malware variants to the user's device, including viruses, trojans, ransomware, spyware or adware, among others. The effectiveness of this malvertising technique lies in its realistic design, making it challenging to identify as it blends seamlessly with legitimate online advertisements.
"It is crucial for users to learn how to spot warning signs and safeguard their data. In addition to featuring in the top left corner of search engine results with an indicator that may contain words like 'ad' or 'sponsored,' digital ads are followed by the website's URL or link. If this URL is fraudulent, it can be easily mistaken for an official page due to a simple alteration of letters or symbols that redirect to a fake site," cautioned David López Agudelo, Sales Vice President Latin America, Appgate.
One of the primary platforms frequently exploited for malvertising purposes is Google Ads, which is based on a bidding system that favorably positions the highest spenders. Cybercriminals leverage these features to execute meticulously targeted attacks based on keywords, geographic locations, device profiles and timing. Through this method, hackers systematically acquire sensitive user data, including financial information and system credentials, putting organizations and individuals at risk of suffering from potential data breaches.
In response to this growing threat, Appgate has established an in-house tool for detecting phishing incidents originating from digital ads within Google, Yahoo and Bing search engines. With the help of this tool, suspicious ads are identified through automated monitoring and reported to Appgate's Security Operations Center (SOC) for further analysis and dissemination.
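As an added illustration (not Appgate's tool, whose internals the article does not describe), the sketch below shows one way automated monitoring could triage sponsored results for the letter-or-symbol URL alterations mentioned above. The brand `examplebank`, its allowlist and the ad URLs are constructed sample data, and taking the last two host labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: advertised brand keyword -> official registrable domains.
OFFICIAL = {"examplebank": {"examplebank.com"}}
# Character swaps that make one hostname pass for another at a glance.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def registrable(host):
    # Assumption: last two labels; production code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def skeleton(text):
    # Undo the swaps so "examp1e-bank" and "examplebank" compare equal.
    return text.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    # Optimal string alignment: insert, delete, substitute, adjacent transposition.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(brand, landing_url):
    """Return 'official', 'lookalike' or 'unrelated' for one sponsored result."""
    host = (urlsplit(landing_url).hostname or "").lower().rstrip(".")
    domain = registrable(host)
    if domain in OFFICIAL[brand]:
        return "official"
    if skeleton(brand) in skeleton(host):
        return "lookalike"      # brand embedded in a host the brand does not own
    label = skeleton(domain.split(".")[0])
    if any(edit_distance(label, skeleton(good.split(".")[0])) <= 1
           for good in OFFICIAL[brand]):
        return "lookalike"      # one edit away from the official name
    return "unrelated"

# Constructed sponsored results returned for the keyword "examplebank".
ADS = ["https://www.examplebank.com/login", "https://examp1ebank.com/",
       "https://secure.example-bank.net/login", "https://examplebnak.com/",
       "https://examplebank.com.account-check.example/", "https://travel-deals.example/"]
RESULTS = {url: classify("examplebank", url) for url in ADS}
```

Only the first URL is classified as official; the next four are flagged as lookalikes for analyst review and the last is treated as an unrelated advertiser.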
Upon confirming a potential phishing attack, a well-documented process is initiated, beginning with the creation of an incident ticket. This triggers mitigation strategies, including deactivation and prompt implementation measures, effectively protecting all parties involved. This multifaceted approach includes reporting the malicious advertisement to Google, which maintains strict policies against the dissemination of counterfeit products.
Appgate’s SOC approach to malvertising identification can be substantially beneficial to Latin American countries struggling to mitigate the proliferation and sophistication of illegitimate advertisements. In fact, this surveillance measure could help Mexico stay resilient against the 14 billion cyberattack attempts targeting the country during 1H23, as reported by Fortinet.