Securing web browsers and defending against malvertising

2021 has already witnessed an alarming number of cyber attacks, with tech giant Microsoft being the latest organization to fall victim. The fallout has led to cyber analytics expert CyberCube warning the insurance industry to prepare for a large volume of claims related to cyber attacks on the servers running Microsoft’s email services. 


Following this attack, it is clear that even the largest organizations can be vulnerable to cybercriminals, which shows why protecting corporate and customer data remains one of the top priorities for organizations today. To reduce the chances of becoming victims of cyber attacks, the Cybersecurity and Infrastructure Security Agency (CISA) has set forth its “Capacity Enhancement Guides.”


These recommendations are targeted exclusively at federal agencies, but they cover best practices that should also be employed broadly across state, local and territorial governments, as well as private sector organizations.


The benefit to users


As web browsers are the primary means by which users access the internet, browser security is a key area of concern. Hackers today are much more sophisticated in their ability to manipulate and exploit users who have unsafe browsing habits or unprotected software.


WPP’s GroupM forecasts that worldwide advertising revenue for media owners will jump 10.2% to a record $651 billion in 2021. The revenue and profit to be achieved through successful advertising campaigns are blinding and hackers are using this to their advantage. This is achieved through a practice called malvertising, something that most users never see coming. 


With malvertising, website advertisements are essentially hijacked, spreading viruses and malware to those who are unfortunate enough to click on an infected ad. These threats bypass any built-in anti-virus software or browser protection, and the malicious ads that deliver them can come from entirely legitimate ad networks. Just as Spotify is tailoring its advertisements for its listeners, hackers can now use carefully crafted, bespoke ads for each individual. Gone are the days of broad-spectrum attacks.


CISA has entered the new age of cyber defense and compiled a list of recommendations for federal agencies to defend against malicious advertising.


The first step is to standardize and secure web browsers. Standardization is the quickest and most cost-effective way for agencies to achieve browser security. Allowing employees to use multiple web browsers has several drawbacks and ultimately gives the upper hand to hackers.


The first step in climbing the security ladder for agencies is to install a two-factor authentication (2FA) or multi-factor authentication (MFA) system. With this in place, a successful system breach requires sophisticated resources and effort from hackers, which gives agencies additional time to defend against the attack. According to SecurityBoulevard, MFA prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks.


The next recommendation for federal agencies is to deploy ad-blocking software, which prevents pop-up ads and banners when employees browse the web.


The final recommendation from CISA to federal agencies reads: “isolate web browsers from operating systems.” This is a strategic and architectural decision. Browser isolation ensures a secure web browsing experience by moving all internet activity to an isolated environment, protecting computers from any malware the user may encounter. At first glance, this looks expensive and complex for agencies. However, it can be argued that browser isolation costs are lower over time. Isolation creates a strong barrier between browsers and operating systems which operate under the assumption that all web traffic can be trusted.


Remote browser isolation takes this a step beyond conventional methods and moves the processing of web data from the local system to a secure location. Browser isolation is available from third-party service providers or as a software offering for federal agencies.


Building highly-targeted and effective campaigns


The steps above show how users, in this case federal agencies, can take full control over the online advertisements they choose to see. It would be a surprise if agencies decided not to implement at least one of the recommended steps, if not all three. While this movement continues to flourish, it will be publishers who face the aftereffects as they struggle with how best to modify their practices to overcome lost revenue. This is where Acceptable Ads comes into play, enabling advertisers to build highly targeted, safe and effective campaigns.


Acceptable Ads provides a way for advertisers to show select ads to ad-blocking users but in a safe, effective way that benefits both the users and the advertisers. In this case, it means users do not have to turn to certain types of ad-blocking software to reduce their chances of falling victim to these malvertising attacks. Unlike most ad-blocking tools, which block all forms of advertisements, Acceptable Ads has the Acceptable Ads Committee (AAC). 


The Committee determines the criteria that define which ads are acceptable and which are not. The AAC puts a huge emphasis on researching ad standards that respect the user experience while delivering real value to content publishers and online advertisers. This means advertisements that carry some sort of malware can be detected by the AAC and will not pass as ‘acceptable’, thus protecting users from online ad fraud.


There has never been a better time for advertisers to create high-quality material. The first benefit is as clear as a summer sky: grab the attention of current and potential customers, build upon current relationships and start forming new ones. However, the unique selling point for advertisers is the potential to tap into a market of over 200 million online users currently utilizing ad-filtering software. The key message for advertisers and users alike is to create nonintrusive ads and abide by the standards and measures developed for ad-filtering users, while keeping them safe online. This will decrease ad fraud and help win the fight against those trying to attack.


Launched in August 2021, Trestle is an Acceptable Ads advertiser solution that connects advertisers to over 225 million ad-filtering users at scale.