MadAdsMedia, a U.S.-based advertising network, was a victim of a cyber security attack, as reported on May 7 by TrendMicro. Hackers used the platform to stream modified advertisements, coded to redirect Web surfers to servers with the Nuclear exploit kit.
Exploit kits are programs designed to take advantage of the security holes in programs and applications on a computer. There have been more than 70 types of exploit kits identified to date, according to TrendMicro.
MadAdsMedia specified that up to 12,500 people might be affected by this most recent threat, and most of the affected individuals reside in Japan, Australia, and the U.S. Joseph Chen, the TrendLabs fraud researcher who brought attention to the recent attack, stated that this was initially taken as a case of mal-advertising.
Mal-advertising involved the alteration of advertisements to redirect Web users to websites with malicious content. However, in this instance, MadAdsMedia eventually realized that one of its servers had been hacked by cybercriminals.
The Nuclear exploit kit checks to see if you’re running an outdated version of Adobe Flash. If it spots this vulnerability, the Carberp malware is installed onto your computer to tap into your passwords and other private data.
Carberp, which has been around for a few years, has the ability to disguise itself as a Windows file. From here, it can remove antivirus protections installed on your computer, according to eWeek. Thus far, Carberp has hit the banking industry the hardest.
The Flash vulnerability being exposed in this latest attack is CVE-2015-0359, which was just patched this past April. MadAdsMedia told Chen and TrendLabs that it has been quick to take action on the matter.
The best protection you can give yourself against exploit kits is to keep your browser plugins up to date. Verifying the security of Web servers and applications is also essential to preventing a cyber attack.