Friday 7 October 11:30 - 12:00, Red room
Jérôme Segura (Malwarebytes)
Chris Boyd (Malwarebytes)
Malicious advertising, A.K.A. malvertising, has evolved tremendously over the past few years to take a central place in some of today's largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target them with infinite precision and deliver such payloads as ransomware.
The complexity and layered structure of the ad industry has provided the perfect environment for rogue actors to game the system and create long-lasting campaigns that go almost unnoticed. Indeed, by using a combination of social engineering and technical tricks, fraudulent advertisers are able to enter ad platforms and hide their malicious payloads so that traditional scanners are rendered useless.
In this paper, we will provide an overview of the ad industry's core concepts (programmatic, RTB, CPM) that are necessary to understand how and why online criminals are able to leverage the system to their advantage. We will also look into how rogue advertisers are able to defeat security screening both by creating fake identities and deploying advanced techniques to conceal malicious code from prying eyes.
While the debate about ad blockers rages, malvertising will continue to make headlines for the foreseeable future, which is why it is important to stay up to speed with its latest practices.
Jérôme is Lead Malware Intelligence Analyst at Malwarebytes. He has over 10 years' experience in information security and his specialities are malvertising, exploit kits, and malware analysis. Other professional accomplishments include building honeypots to capture drive-by download attacks and for a short while diving into server-side security, by cleaning up and hardening hacked websites. As part of his online investigations, he regularly collaborates with other industry members to report malicious activity and share threat intelligence. Finally, he has a special interest in identifying scams and has worked with the FTC as an expert witness to take down tech support scammers after getting personally bothered by some.
Chris is a multiple recipient of the Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon and SecTor, and has been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent, and the first DIY Twitter botnet kit.