Direct marketing industry nemesis the Daily Mail has fallen victim to ransomware scam perpetrated through its advertising network which saw rogue ads loaded onto its website, Mail Online.
The irony of the attack will not be lost on many working in DM, who have been pilloried for years, especially as it classic data analysis and data security methods would have been likely to have flagged up the threat.
The attackers used the so-called “Angler Exploit Kit” which takes advantage of security flaws in Microsoft’s Internet Explorer and Adobe Flash to gain access to the website via its automated ad platform, which sells ad-space to the highest bidder on an almost minute-by-minute basis.
The attack was uncovered by anti-malware software company Malwarebytes and only blocked after it notified the publisher of the attack.
“Malvertising has been one of the main infection vectors and continues to affect large publishers and ad networks through very distinct campaigns, very much like a whack-a-mole game,” warned Malwarebytes in a blog post.
“In addition to spreading via compromised websites, Angler EK leverages malvertising thanks to several different threat actors who use clever ways to go undetected as long as possible or are able to quickly adapt and get back on their feet if one of their schemes gets too much attention and is disrupted.”
The Daily Mail’s online advertising system runs on Microsoft’s Azure cloud service, and serves up adverts to more than 150 million visitors every month.
Daily Mail faces data privacy probe
Dear duplicitous, data-driven Daily Mail
Truth hard to swallow for British media
Hypocrytical Mail outraged again
Daily Mail slams ‘junk mail surge’
Junk deluge irks Daily Mail – again