Watch Out for Google Searches – “Malvertising” Is on…

There are many types of malware. One of the most common is called “malvertising.” It crops up everywhere. Including social media sites and websites. You can also see these malicious ads on Google searches.

Two things are making malvertising even more dangerous. One is that hackers use AI to make it very believable. The other is that it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% (month over month).

It’s important to inform yourself about this online threat. Knowledge is the power to protect yourself. Especially when it comes to malicious cybercriminals. Below, we’ll help you understand malvertising. We’ll also give you tips on identifying and avoiding it.

What Is “Malvertising?”

Malvertising is the use of online ads for malicious activities. One example is when the PlayStation 5 was first released. It was very hard to get, which created the perfect environment for hackers. Several malicious ads cropped up on Google searches. The ads made it look like someone was going to an official site. But instead, they went to copycat sites. Criminals design these sites to steal user credentials and credit card details.

Google attempts to police its ads. But hackers can often have their ads running for hours or days before they’re caught. These ads appear just as any other sponsored search ad on Google.

Google is not the only site where malvertising appears. It can appear on well-known sites that have been hacked. It can also appear on social media feeds.

Tips for Protecting Yourself from Malicious Online Ads

Review URLs Carefully

You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites. Carefully review any links for things that look off.

Visit Websites Directly

A foolproof way to protect yourself is not to click any ads. Instead, go to the brand’s website directly. If they truly are having a “big sale,” you should see it there. This tip is useful for all types of phishing. Just don’t click those links and go to the source directly.

Use a DNS Filter

A DNS filter protects you from mistaken clicks. It will redirect your browser to a warning page if it detects danger. DNS filters look for warning signs. They, then block dangerous sites. This can keep you safe even if you accidentally click a malvertising link.

Do Not Log in After Clicking an Ad

Malvertising will often land you on a copycat site. The login page may look identical to the real thing. One of the things phishers are trying to steal is login credentials. They can get big money for logins to sites like Netflix, banks, and more.

If you click an ad, do not input your login credentials on the site. Even if the site looks legitimate. Go to the brand’s site in a different browser tab.

Don’t Call Ad Phone Numbers

Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted with malvertising scams. They call and reveal personal information to the person on the other end of the line.

Just say no to calling numbers in online ads. If you find yourself on a call, do not reveal any personal data. Just hang up. Remember, this is an elaborate scam. These people prey on triggers like fear. They also work to gain your trust.

Don’t Download from Ads

“Get a free copy of MS Word” or “Get a Free PC Cleaner.” These are common malvertising scams. They try to entice you into clicking a download link. It’s often for a popular program or freebie. The link actually injects your system with malware. The hacker can then do further damage.

Never click to download anything from an online ad. If you see an ad with a direct download link, it’s often a scam.

Warn Others When You See Malvertising

If you see a suspicious ad, warn others. This helps keep your colleagues, friends, and family more secure. If you’re unsure, try a Google search on the ad. You’ll often run across scam alerts confirming your suspicion. 

It’s important to be smart and arm yourself with knowledge. You can then share this with others. Foster this type of cyber-aware community. It helps everyone ensure better online security as well as get alerted of new scams cropping up.

Improve Your Online Security Today

Is your device up to date with security patches? Do you have a good anti-malware solution? Is DNS filtering installed to block dangerous websites?

If you’re not sure of any of those questions, contact us. Our cybersecurity experts are here. We’ll help you find affordable solutions to secure your online world.

Give us a call or email to schedule a chat about online security.

—

Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Cyber Experts Say You Should Use These Best Practices…

Today’s businesses are no stranger to the word cybersecurity. They are facing a growing wave of cyberattacks. These come from ransomware to sophisticated phishing schemes. How do you stand ahead of these threats? A strong cybersecurity strategy is essential. One crucial component of this strategy is event logging. It’s one that not every business owner is aware of.

Think of event logging as a digital detective. What does tracking activities and events across your IT systems do? It helps you spot potential security breaches and respond swiftly. As your managed IT service provider, we’re committed to helping you. We can help you understand the importance of event logging as well as how to put in place best practices to safeguard your network.

What Is Event Logging?

Event logging is the act of tracking all events that happen within your IT systems. “Event” can be many different things, such as:

• Login attempts
• File access
• Software installs
• Network traffic
• Denial of access
• System changes
• And many others

Event logging means to track all these and add a time stamp. This provides a robust picture of what is going on in your IT ecosystem. It’s through that ongoing picture that you can detect and respond to threats promptly.

Why is it critical to track and log all these events?

• Detect suspicious activity by monitoring user behavior and system events.
• Respond quickly to incidents by providing a clear record of what happened in a breach.
• Meet regulations that require businesses to maintain accurate records of system activities.

Best Practices to Use Event Logging Effectively

Event logging is most effective when you follow best practices. Here are some standard guidelines to follow. These are helpful if you’re just starting out as well as for those improving existing event-logging processes.

Log What Matters Most

Let’s be honest: You don’t need to track every digital footstep.  Logging every single action on your network can create a mountain of data that’s hard to sift through. Instead, focus on the events that truly matter. These are those that can reveal security breaches and compliance risks.

The most important things to log are:

• Logins and Logouts: Keep tabs on who’s accessing your systems and when. This includes failed attempts, password changes, and new user accounts.
• Accessing Sensitive Data: Track who’s peeking at your most valuable information. Logging file and database access helps spot unauthorized snooping.
• System Changes: Keep a record of any changes to your system. Including software installations, configuration tweaks, and system updates. This helps you stay on top of changes and identify potential backdoors.

Event logging is much more manageable when you start with the most critical areas. This also makes it easier for small businesses.

Centralize Your Logs

Imagine trying to solve a puzzle with pieces scattered across different rooms. It’s chaos! That is what happens when you try to work with several logs for different devices and systems. Centralizing your logs is a game-changer. A Security Information and Event Management (SIEM) gathers logs in one place. This includes those from various devices, servers, and applications.

This makes it easier to:

• Spot patterns: Connect the dots between suspicious activities across different systems.
• Respond faster: Have all the evidence you need at your fingertips. This is helpful when an incident strikes.
• Get a complete picture: See your network as a whole. This makes it easier to identify vulnerabilities.

Ensure Logs Are Tamper-Proof

It’s important to protect your event logs! Attackers love to cover their tracks by deleting or altering logs. That’s why it’s vital to make your logs tamper-proof.

Here are some tips:

• Encrypt your logs: Lock them down with encryption. This makes them unreadable to unauthorized eyes.
• Use WORM storage: Once a log is written, it’s locked in place, preventing changes or deletions.
• Use strong access controls: Limit who can see and change your logs to trusted personnel only.

Tamper-proof logs provide an accurate record of events even if a breach occurs. They also keep the bad guys from seeing all your system activity tracking.

Establish Log Retention Policies

Keeping logs forever isn’t practical (or always necessary). But deleting them too soon can be risky, too. That’s why you need clear log retention policies. 

Here are some things to consider:

• Compliance requirements: Some industries have specific rules about how long to keep logs.
• Business needs: How long do you need logs to investigate incidents or for auditing?
• Storage capacity: Make sure your log retention policy doesn’t overwhelm your storage.

Strike the right balance with retention. You want to ensure you have the data you need without sacrificing performance.

Check Logs Regularly

Event logging is only as good as your ability to use it. Don’t “set and forget” your logs. You should check them regularly. This helps you spot anomalies and identify suspicious patterns. It also helps you respond to threats before they cause serious damage. Use security software to help automate this process.

Here’s how to do it effectively:

• Set up automated alerts: Get notified immediately of critical events. Such as failed logins or unauthorized access.
• Perform periodic reviews: Dive into your logs regularly. Look for patterns that might show a threat.
• Correlate events: Use your SIEM to connect the dots between different activities. It can reveal more complex attacks.

Need Help with Event Logging Solutions?

As a trusted managed IT service provider, we’re here to support you. We can help you install these practices and ensure your business stays protected.

Give us a call or email to schedule a chat.

—

Featured Image Credit

This Article has been Republished with Permission from The Technology Press.