
Cyber Incident Victim: Forbes

Date: Sep 2015

Location: United States of America

Summary

Forbes.com experienced a malvertising incident where a limited number of ads delivered malware to visitors via the Neutrino and Angler exploit kits, which targeted vulnerabilities in users' devices. The malicious ads, originating from a single unidentified advertiser, were active for several days before being suspended following notification by security researchers. The compromised ads appeared on a small subset of pages hosting older content, leading to attempted malware installations on visitors' systems. The publisher emphasized existing security protocols and committed to preventing recurrence, though the specific ad network involved remained undisclosed. This event highlighted broader industry challenges in securing ad ecosystems against such intrusions.

Description

Between September 8 and 15, 2015, a series of malicious advertisements appeared on Forbes.com, exposing visitors to malware distributed through compromised ad networks. Security firm FireEye identified the malvertising campaign and notified Forbes on September 17, two days after the malicious ads ceased running. The attack leveraged the Neutrino and Angler exploit kits, which targeted vulnerabilities in visitors' PC and mobile software to deliver malware. These exploit kits were activated through advertisements displayed on eight specific Forbes.com pages, predominantly hosting older content. The malicious creatives originated from a single, unnamed advertiser whose ads were temporarily active on the platform. FireEye did not disclose whether other websites beyond Forbes were impacted by the same malvertising operation or identify the specific ad network compromised to deliver the tainted ads.

Forbes suspended the affected advertiser immediately upon receiving FireEye's notification and issued a statement emphasizing their existing security protocols while committing to implement necessary changes to prevent recurrence. The incident highlighted the broader malvertising threat, where attackers compromise ad networks to inject malicious code that redirects users to sites hosting exploit kits. No specific data regarding successful infections, visitor impact metrics, or financial consequences was disclosed in the available reporting. Forbes sought additional details from FireEye regarding the identity of the compromised ad network involved in the incident. The event underscored ongoing challenges faced by publishers in securing third-party advertising ecosystems against increasingly prevalent malvertising campaigns.
