Cyber attack against Match.com exposes millions of singles to malware

September 2015 by

UK’s online daters could be the latest victims of cyber crime, after researchers discovered a malware attack aimed at Match.com’s millions of users. The malicious content is being spread through adverts on the website in a "malvertising attack" which is reportedly targeting UK users in particular.
Please see below for commentary from security experts.

Adam Winn, senior manager, OPSWAT: "The most vulnerable users are those who do not block ads, and have Flash set to autoplay. A vulnerability like this can strike anyway, no matter how safe their browsing habits or how well-patched their software is. Protection can be achieved with two simple techniques: Click to Play, and Ad Blocking. This combination of techniques is nearly bullet-proof against malvertising.
1) Click to Play: Set your browser to use Click to Play, which means no Flash/Java/Silverlight/etc. can launch unless the user explicitly requests it.
2) Ad blocking: While somewhat controversial, ad blocking is nonetheless an extremely effective way that users can protect themselves from malvertising. There are many competing alternatives for ad blocking, yet AdBlock remains the most popular.

Any average user can configure these two items in less than an hour, and rest assured that they will be nearly invulnerable to malvertising and many Flash/Java/Silverlight exploits in general."

Gavin Reid, VP of threat intelligence, Lancope: "It is important to not confuse the attack at Match with full site compromises like the recent hack of Ashley Madison. The information on this attack shows a much different issue of malvertising (ads that contain links to malware) being viewed on their website. Malvertising has plagued online websites, with almost all of the top 100 sites having hosted them at some time."

Simon Crosby, CTO and co-founder, Bromium: "If you use any online services whose data, if stolen and made public, could be used against you, then edit your profile now to include false information and a fake email address, or an alternative, randomised, non work email address from an online provider."

