GeoEdge Reveals Ad-based Cybercrime Targeted at Smart Home Network IoT Devices

Israel-based GeoEdge, the ad security transparency solutions provider for the online advertising ecosystem, revealed that it found out an ad-based cybercrime specifically aimed at smart home network-based internet of things (IoT) devices. While working with the AdTech partners of the company Verve Group and InMobi, security researchers of GeoEdge identified the attack vector and its source from cyber threat actors in Ukraine and Slovenia.

The team of security research in GeoEdge has also been investigating the malvertising attacks targeting smart home network-connected IoT devices. The attack vector, which is largely distributed, is the very first one to utilize online advertising for silently installing applications on home-Wi-Fi network IoT devices. It only needs that hackers have some basic understanding of API documentation devices, JavaScript knowledge as well as rudimentary advertising skills online. IoT Analytics, the market research company, has forecasted that over 30 billion IoT devices will be there across the globe by 2025, which will make industrial and home IoT more vulnerable and advantageous for malvertisers.

Amnon Siev, the GeoEdge CEO, said that the company’s analysis technology of behavioral code and advanced detection capabilities of malware found some online ads that inject malware inside the smart-home connected IoT devices. With the partnership between Verve and InMobi, they became capable of exposing the infrastructure, origin, and scale of such attacks globally. The joint mission was created on deep understanding and trust of the entire threat landscape that allowed them to build new user protection standards.

Malicious advertising or malvertising distributes malware by injecting a malicious code inside online ads through advertising networks online, exposing the user’s networks and other connected devices towards the potential infection risk. Advertising networks generally remain unaware that they are providing malicious content. But here, GeoEdge discovered the malvertising users aimed with cyber-attack that do not even need clicking on the malicious ad or navigating to an infected page for initiating the attack on smart-home network IoT devices.

The GM of Publisher Platform at InMobi, Kunal Nagpal, said that digital advertising is continuing to have a bigger marketing budgets share for small and large companies, and with that, growth comes along with potential risks. He added that it is quite critical that they have balances and checks to find out and restrict potential malicious threats prior to their infection into user’s devices. The partnership with GeoEdge improves user protection all over the ad ecosystem via advanced detection in real-time. This ensures a completely safe ads delivery to their global partners. It also helps them to maintain the quality and trust of users.

The large IoT attack’s impacts unveiled in research of GeoEdge include the capabilities to manipulate devices of IoT, downloading of apps without the consent of users, personal information or monetary instruments theft risks, and tampering with systems like surveillance cameras and smart locks. For blocking these attacks, GeoEdge discovers that antivirus applications and firewalls also are not enough. It notes that continuously blocking infected ads within real-time can prevent the ads from being presented and rendered to users.

Credits: To know more about GeoEdge’s discovery of ad-based cyber-attack, visit the site.