Major news sites have been exploited by hackers using a malware exploit package known as the “Angle exploit kit.” Some of the targeted sites include The New York Times, BBC, Newsweek, AOL, MSN, The Hill, and the Guardian. A bit of dark humor is in that one of the infected news pages was a Guardian article asking if cybercrime was getting out of hand.
In laymen’s terms—these attacks work by infecting an otherwise trusted site then redirecting Web-page visitors to a malicious site that downloads malware into the victim’s computer. The malicious software scours the host’s computer looking for java based vulnerabilities to exploit. After finding a flank to turn it can block off all usability and accessibility to the owner’s computer and any information contained within. At that point, the end user is faced with a choice of potentially loosing vital information or paying the criminal hackers to essentially get their computer back. The popular term for this type of criminal exploit and software is called ransomware.
This is an expensive problem for multiple parties.
Obviously, the computer owner or end-system user is being hurt whether they pay the ransom or not. If they do not pay the ransom they will either have to spend time and money to remove the malware or spend time and money to regenerate the lost information. When these users do pay to get their computer back they are only feeding the beast. The ransomware packages are inexpensive to buy and run, and it is said they only need to get a few victims to pay to cover their cost—anything else after that is profit; profit that will oftentimes be reinvested to develop more sophisticated attacks in the future.
A second victim in this is the host site, which was exploited and infected. The attacks damage the host’s credibility and could very well cost it, its visitors and thereby precious advertisement revenue. This happened to Lenovo PC, a Chinese computer company, who was targeted by a ransomware attack. Even though the company has promised a safer PC experience they are still struggling to fix their credibility and relationships with customers.
A final victim in all of this (albeit a less talked about one) is the legitimate web based advertisers. Free ad blocking software is deeply affecting their long-term viability and incidents like this will only drive more and more PC users into the ad blocking software’s arms. After all, just by turning ads off altogether is another way to stop your computer from getting infected.
At this point we have come full circle. Advertisement is the lifeblood of the free internet and if that is cut off it will hurt the content websites and through that the end users.