CISA Tells Agencies to Consider Ad Blockers to Fend off Malvertising

Around a year ago, at the very beginning of 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) called upon federal agencies to implement adblocking software and establish standards for web browser usage across their employees. Such measures are meant to result in the elimination of commercials containing malicious scripts of all sorts.

Although adblockers aren’t a magic pill for malicious advertising (yet) which went bananas recently. You definitely heard of (maybe even faced yourselves) weight loss pills, manhood enlargement/erectile dysfunction cures scam ads. So, these scams are back with full force. They plagued TikTok, Facebook, YouTube, popular social media, and streaming platforms. By the way, we’ve considered the problem of fake profit goods and scam ads baning a slew of industries. If you want to know more about the wide variety of those magic cures and other stuff, you’re welcome to read this article.

“Some browser extensions are known to accept payment from advertisers to ensure their ads are allowlisted from blocking,”

the agency said, citing concerns that Sen. Ron Wyden, D-Ore. raised last year to the Federal Trade Commission.

And they’re right. Firstly, because of the “Acceptable ads program” and secondly, because of the business model of certain adblocking software solutions. To be more specific, we’d ask you a simple question. How do you think free adblockers earn a pretty penny? The only free cheese is in the mousetrap.

And, despite the “not 100% efficiency of adblockers concerning the malvertising”, Ron Wyden had called upon the White House to deploy and use adblocking software, reasoning the urge by citing “at least one media report of Russia using seemingly innocuous advertisements to target a state election agency.”

Getting back to standardizing web browser usage across employees, CISA also said that agencies can protect their networks from all possible cybersecurity threats including malicious advertising by specifying one browser to be used by the workforce. Why? Multiple browsers and their versions provide cybercrooks with more possibilities of breaching. Taking to account the human factor, we completely agree with this. Now, look. Put the case: an agency numbering at least 100 employees, all of them use PC and Internet on a daily basis. Some of these employees use Chrome, others use Firefox, while 15 of them use Safari. Ok. there are already 3 different ways (while even 1 is too much already) for hackers to steal data using vulnerabilities. Now look, take only Chrome users. Let it be 40 employees, all of them use different versions of Chrome. Hypothetical “Fred” has updated his browser only once when it told it wouldn’t work without an update. Hacking older browser versions for cybercrooks is a piece of cake. A more “up-to-date” malicious script will sneak into Fred’s Chrome in a blink of an eye if he clicks an infected ad.

While expensive to implement at the start, “over its lifecycle, browser isolation may have a lower cost, based on reduced costs for maintaining ad blocking software, lower incident response and recovery costs, and bandwidth efficiencies,”

the guide said.

Closing this short article, we would like to insist that the problem of malvertising is real. CISA has made an important step towards adopting adblockers on a higher level. And while companies/agencies are still hesitating, security- and safety-conscious users around the world stick to trusted and reliable adblocking software either for mobile devices or PCs.

By the way, check out our “Sale” section, maybe there’s a juicy discount for you to get 🙂