Page 249 - COSO Guidance Book
using an infected frame or invisible page element on a trusted website that redirects the user’s device in order to download the malware. The user typically is unaware that this process has occurred and that malware has been installed on the user’s computer.⁹
A recent malvertising malware, eGobbler, affected over 1.6 billion ads.¹⁰
Some controls regarding malvertising suggested by IT security firms include the following:
1. Use an ad blocker. Blocking all ads will virtually eliminate the threats posed by malvertising. For example,
Google Chrome has a feature under privacy and security settings to block both pop-ups and ads.
2. Visit the company’s website without clicking on the ad. This should provide some assurance that the
company is legitimate.
3. Run antimalware software on your computer.
4. Enable click-to-play for your browsers. The user will be required to approve all online advertising content that requires a plugin (Flash, QuickTime, etc.). The hope is that the user will be skeptical and will carefully review the displayed link before allowing content that may contain malware to be downloaded onto the user’s device.¹¹
Ransomware — Ransomware is a type of malware that prevents user access to data and/or computer systems until a ransom is paid, typically in bitcoins. Common methods used by perpetrators to install ransomware on a user’s device include phishing and malvertising schemes.
Ransomware software can lock screens, encrypt data files, and perform other disruptive functions. One
form of ransomware is scareware. Scareware generally appears as pop-ups on your screen and advises
the user that the IT device has an infection. This fake antivirus software pop-up states that all
“discovered” viruses will be eradicated and future ones will be prevented. Unsuspecting frightened users
will then purchase this phony software.
One ransomware that had global impact is the “WannaCry” ransomware. WannaCry infected computer
systems in 99 countries by encrypting data files. In Great Britain, 40 National Health Service
organizations were affected, resulting in the cancellation of surgeries and other medical appointments. In
Russia, domestic banks, interior and health ministries, and large cell-phone carriers, among other entities,
were affected. In Spain, many large companies, including the natural gas provider, were hit.
WannaCry malware was believed to be created with tools stolen from the U.S. National Security Agency
(NSA). It was also believed that WannaCry exploited weaknesses in Microsoft systems identified by the
NSA. Once WannaCry infected a particular entity, it searched out other vulnerable computers and
infected them. WannaCry would display a screen stating that some of the files would be decrypted for free and that a payment of $300 within three days was required to decrypt the files on all computers. The ransomware then stated that the files could not be recovered after seven days and that, for those with little money who could not pay within six months, there would be “free events.”¹²
⁹ https://us.norton.com/internetsecurity-malware-malvertising.html
¹⁰ https://www.technewsworld.com/story/86272.html
¹¹ https://us.norton.com/internetsecurity-malware-malvertising.html
¹² https://www.bbc.com/news/technology-39901382
© 2020 Association of International Certified Professional Accountants. All rights reserved. 5-15