A wave of new cyberattacks is underway that uses fake Internet ads to execute malicious code on a victim’s computer, according to Canadian cyber security firm Akouto. The attacks make unauthorized use of computers to run code that mines cryptocurrency in the user’s browser.

Using fake Internet ads to spread malware is nothing new, with incidents of “malvertising” recorded as early as 2008. What’s new in this wave is the combination of malvertising with a new attack known as cryptojacking, which according to cyber security experts has surpassed ransomware as the number one threat on the Internet today.

“March was an incredibly active month for the combined malvertising-cryptojacking attack,” said Dominic Chorafakis, founder of the Toronto-based Akouto. “Starting on March 7, our central monitoring servers recorded a spike in attacks being blocked by managed intrusion prevention systems on customer networks,” Chorafakis continued. “The attempts were detected at virtually every site at a rate that was 3,500 percent higher than the months prior. Reports in April showed a decrease in activity but still averaged 700 percent higher than the first two months of 2018.”

Malvertising is one of the most effective techniques used by criminals to distribute malware. Hackers pay to display malicious online ads on legitimate advertising networks that do a poor job of weeding out harmful ads from legitimate ones. People are tricked into clicking on these ads because they are displayed on many popular websites through ad syndication. More advanced malvertising attacks can even infect vulnerable systems that simply display the harmful ad without needing any interaction from the user.

Browser-based cryptomining is a relatively new development that some websites use as an additional source of income. Websites that use this technology in a legitimate way will request consent from their visitors to run JavaScript mining code in the browser. They then use a small amount of the computer’s resources to mine cryptocurrency in the background. Cybercriminals use significantly more aggressive techniques and bypass security features to remain hidden and active for as long as possible. Users experience slow or sluggish computer performance, their CPUs run hotter as they work harder to perform complex mining calculations and computer fans spin faster in an attempt to keep the system cool. For businesses this translates into real costs resulting from higher energy consumption, shortened hardware lifespans and increased IT service calls.

“Businesses can no longer rely on anti-virus alone to protect their systems and applications,” said Bruno Macchiusi, founder of Toronto-based IT Service Provider Alpha Logics. “We're seeing a large number of attacks that are able to bypass anti-virus these days and cryptojacking is just one of them. Users need to combine different protection mechanisms like anti-virus and ad blockers with more advanced technologies like network intrusion prevention to stop threats at the network level before they can reach vulnerable systems.”