Ad blockers: key tools in the fight against malware

A document sent to the US Congress published by Motherboard, the technology section of Vice, confirms that CIA personnel, the NSA and other members of the US Intelligence Community widely use ad blockers in their Internet browsers. 

This measure was adopted to remove the distraction of adverts on web pages for employees, but it provides additional protection against malware. In fact, the document states that "The Intelligence Community (IC) has implemented ad-blocking technologies in networks and uses multi-level information, including data provided by the DNS, to block unwanted and malicious content.” 

Advertisements are entry vectors  

Vice's experts also highlight the cybersecurity benefits of ad blockers, as more and more hackers are using legitimate-looking ads as an entry vector to introduce malware, steal information or even exploit web vulnerabilities. In fact, WatchGuard's "Internet Security Report 2021" cites a specific example of threat actors using, among other methods, ads to collect user information and one of the most commonly phished domains in this respect is cspecial-breaking[.]news. 

All this indicates that if a website keeps its data traffic encrypted using an SSL or TLS certificate (i.e. when using HTTPS protocol) this provides minimal, but insufficient protection nowadays. The same report notes that in Q2 of 2021 alone, 91.5% of malware broke in through encrypted connections and ransomware has skyrocketed by 150% this year.  

The most notorious case from recent months, which reflects this sharp rise in ransomware, is the cyberattack on Colonial, which we have already blogged about on several occasions. But there have also been other serious incidents, such as the one that affected the Irish Health System or the attack that used the company Kaseya’s software, where the main victims were MSPs.  

Comprehensive protection and continuous monitoring 

The variety of entry vectors, including malicious ads and scripts on the web, makes the already weakest link in the security chain – in other words, employees – vulnerable. That's why they need to implement solutions that deliver comprehensive protection for their IT devices, which are persistent and accompany them wherever they go.  

In the current situation where remote working has become so prominent and, therefore, the cybersecurity perimeter has expanded with added risks, companies must have protection capabilities that reach all their users and devices: a single infected endpoint can prove a serious threat.  

WatchGuard Passport addresses these needs effectively: it's a complete suite of Cloud-managed services that provides employees with the cybersecurity they need to work seamlessly from the office, home, or on the move. 

First, this suite includes DNS-level protection using DNSWatchGO, delivering visibility for all devices regardless of location. By proactively identifying DNS requests, it detects any malicious content on the web. It applies filtering with 130 predefined categories, but also allows easy management of roles and content access permissions pre-set by users themselves or by administrators. Secondly, it also incorporates full protection, detection and response on all endpoints offered by WatchGuard EPDR. Finally, it also furnishes multi-factor authentication (MFA) thanks to Authpoint, to prevent identity theft by credential theft or data breaches.  

This solution enables organizations to be well prepared to fight threats of any type or entry vector, including the web and advertisements.