At a glance.
- Sophos threat analysis report: Malvertising through purchased Google Ads.
- MOVEit vulnerability remediated faster than most.
- Report: US companies made up 51% of ransomware victims in Q2 2023, with LockBit taking first place among the gangs.
- DeliveryCheck backdoor used against Ukrainian targets.
- SORM under stress.
- Ukrainian police roll up another bot farm working in support of Russian influence operations.
Sophos threat analysis report: Malvertising through purchased Google Ads.
Sophos has released a threat profile report on malvertising campaigns that use paid advertisements to infect victims with infostealers and backdoors. The threat actors have been using search engine optimization (SEO) poisoning to position their sites at the top of search results, making users more likely to click malicious links and download malware. The threat actors have also found that it pays to advertise. Sophos explains, “As well as conning search engines to try and get their malicious sites near the top of search results, they can also pay for the privilege: buying paid ads from Google so that their sites are guaranteed to appear prominently. This attack – known as ‘malvertising’ – is often aimed at users looking to download popular software applications.” (IcedID and Gozi are two malware strains particularly mentioned in dispatches.)
Malvertising isn’t a new tactic, but its rate of use is increasing. “In January 2023, for example, Tech Monitor reported that users searching for OBS (a screencasting and streaming app) saw as many as five malicious links at the top of the search results – which, if clicked, downloaded the Rhadamanthys infostealer. Spamhaus and Guardio Labs also reported on this increase.” Through its own research, Sophos determined that many of the malicious ads were in fact purchased and served through Google Ads. Larger market trends are also reflected in the criminals’ ad buys: Sophos noticed that newer malvertising campaigns tend to forgo the earlier fake advertisements for sought-after tools like WinRAR and Notepad++, instead targeting users searching for AI-related tools such as ChatGPT and Midjourney.