HC3: Analyst Note TLP Clear: Malvertising and Healthcare September 25, 2024

Executive Summary 

Malvertising is a cyberattack method where legitimate advertising networks are infiltrated with malicious advertisements. The term is a combination of “malicious” and “advertising” and refers to the use of online advertising to spread malware. It exploits the infrastructure of digital advertising to deliver malicious content to users, often without their knowledge or interaction. These ads can appear on reputable websites and are designed to automatically infect devices with malware upon viewing or interacting with the ad. This form of attack leverages the trust users have in well-known websites, and ultimately exploits the complexity of the online advertising ecosystem. This report provides an in-depth look at malvertising, its methods and impacts, and mitigation strategies to reduce its risks. To prevent serious damage to the Healthcare and Public Health (HPH) sector, HC3 encourages organizations to review the following report to increase awareness of these types of attacks and to employ available mitigations.

Report 

The healthcare sector commonly makes use of digital technologies that can make it more susceptible to malvertising attacks. In today’s digital era, with a large number of ads being created and used online through digital ad exchanges, it can be challenging for users to detect malicious programs that are disguised to look like legitimate ads. Malvertising can appear on any site where advertising is used. Additionally, since not every user will click on online ads, it can be even more challenging for defenders to distinguish malicious ads from safe ones. Malvertising can be used to deliver multiple types of malicious programs that can pose a serious risk to the HPH sector:

  • Ransomware: Encrypts the user’s files and demands a ransom for their release.
  • Spyware: Gathers sensitive information from the user’s device without their knowledge.
  • Adware: Displays unwanted advertisements and may track user behavior.
  • Trojans: Disguised as legitimate software, Trojans provide unauthorized access to the user’s device.
  • Cryptojacking: Uses the victim's device resources to mine cryptocurrency without their consent.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272