Malvertising is the spooky threat NCUA wants you to know about

Cybersecurity month may be drawing to a close soon, but awareness and diligence of cyber threats is a year-long effort. In October 2024, National Credit Union Administration Chairman Todd Harper published a letter to credit union board of directors outlining their responsibility in overseeing the cybersecurity of their institutions.

In addition to detailing boards’ roles in operational management and incident response planning, Harper called to attention one particular type of cyberattack that is drawing the NCUA’s attention: malvertising.

As a credit union recently suffered a ransomware attack attributable to malvertising, it’s a good idea to learn what it is, why it’s dangerous, and what credit unions and their staff can do to mitigate the risks.

Ads can be more than just annoying

A relatively new form of cyberattack, malvertising uses digital ads injected with malicious code to infect unsuspecting users’ devices. The scary part is that it’s difficult to detect by both users and publishers as they often come from ads served by legitimate advertising networks. Scarier still, in some cases it doesn’t even require you to click on a link, making virtually every ordinary page viewer at risk of infection! (Though these are less common and depend on browser vulnerabilities.)

 

continue reading »