Ad-blocker analytics firm PageFair yesterday announced that it suffered a somewhat severe cyber attack over the weekend. The incident – which in total lasted only 83 minutes – left Internet users who visited affected publisher’s websites exposed to a severe risk of malware infection.
The Dublin-based firm, which works with around 3,000 publishers, noticed the attack almost immediately on Saturday evening, and was able to deal with the cyber-breach within an hour and a half. Unfortunately, for the duration of those 83 minutes, anyone visiting one of the 501 affected sites (on a Windows computer) may have been vulnerable to infection – but only if they clicked on a fake Adobe Flash update – says the firm.
According to a blog published on its website entitled ‘Halloween Security Breach’, the infection appears to have only affected around 20% of publishers that use the anti-ad blocking software. The blog also explains that it seems only 2.3% of visitors to the 501 affected websites were infected – a relatively small proportion of visitors.
That is not to say that PageFair is treating the hack as anything less than severe. Sean Blanchfield the company’s CEO has issued a frank apology,
‘If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now. We are directly notifying every publisher who had our code deployed during [the time period of the attack].’
Sadly for PageFair, helping publishers to overcome popular ad blocking services – and get as much revenue from their content as possible – may well have flagged it up for attack. The cyber-breach most likely coming from a disgruntled hacktivist who is morally opposed to any software that attempts to stop people from blocking unwanted adverts while surfing the web.
According to Blanchfield, the hack itself was executed via a spear-phishing attack that gave the attacker control of a vital email account. Once in, the hacker executed a password reset that allowed them to take control of the firm’s Content Delivery Network (CDN). From that point on, the hacker was easily able to inject malicious malvertising software into the publisher’s websites.
In the company’s blog, Blanchfield goes on to explain exactly how the malware may affect infected computers, and what to do if you suspect you have been compromised,
‘We have received reports that the malware in question causes unexpected behaviors in certain Microsoft products such as Word, Excel, and Outlook. If you notice unexpected behavior please use one of the anti-virus programs listed here to scan your system. Choose one of the programs beside the red text (the top-half of the list). This should fix the problem.’
According to Michael Sutton, CISO at Zscaler, the entire attack could have been avoided using two-factor authentication, though he has commended the firm both for the timely recovery from and outward transparency about the attack,
‘It is a stretch to call this a ‘sophisticated’ attack as it began with spearphishing. It is concerning that PageFair would maintain an account as critical as the one used to access their CDN without two-factor authentication, which could have prevented this attack.’
‘hugely ironic to see Malware being served by a compromised analytics platform which is itself based around the notion of Adblock measurements and ‘non-intrusive ads’ for page visitors running ad blockers.’