There are many dangers that a company might face on a day to day basis and while some of these can be mitigated by enacting effective policies, this will only help up to a certain extent. Consider the Web for a moment; it’s a popular attack vector that’s been used by malicious hackers for quite a while now, used to spread malware be it via botnets, spyware or scareware. Security best practices suggest instructing users to only visit websites that are reputable in order to avoid such infections; however, even if your users were to religiously follow these guidelines, an element of risk still remains.
For most attacks a hacker would need to lure his victim to a malicious website, so if we educate our users to recognize and avoid such websites the attacker would be thwarted, but not always. Sometimes malicious hackers do not actually depend on luring victims, but rather they try to go to victims directly and they do this by exploiting Internet advertising. One such occurrence happened recently and was reported by the BBC where attackers used Spotify advertisements to expose victims to scareware.
Such attacks are not limited to free applications; any website that runs advertisements can be exploited in such an attack. Luckily, these attacks tend to be quickly detected by the organization running the advertisement and shut down; however, until this happens there is always the possibility that people have been affected, which is what happened in the case involving Spotify, where the malicious advertisement targeted an application used by approximately ten million users.
In order for anyone to protect themselves from such attacks an internet monitoring solution and an antivirus are the only effective modes of protection. Internet monitoring solutions can scan your web traffic for known attacks and can also scan sent files for viruses, effectively stopping such an attack from happening. For additional security an effective patch management strategy can also be of help as in many cases these attacks will also exploit vulnerabilities in the operating system and web browser used.