The U.S. Cybersecurity and Infrastructure Security Agency has offered guidance to all Federal agencies suggesting that they install ad-blocking software, because it is a gaping security hole.

This revelation, and $6.95, will get you a small Starbucks decaf pour-over:

The U.S. Cybersecurity and Infrastructure Security Agency urged federal agencies on Thursday to deploy ad-blocking software and standardize web browser usage across their workforces in order to fend off advertisements implanted with malware.

“With many agencies greatly expanding telework options, agencies should increase attention on securing federal endpoints, including associated web browsing capabilities,” the Department of Homeland Security’s cyber arm said in a guide for agencies.

With the alert, CISA joins the National Security Agency, which in 2018 likewise urged agencies to adopt ad blockers in response to the threat from “malvertising” that can spread malware.

………

“Some browser extensions are known to accept payment from advertisers to ensure their ads are allowlisted from blocking,” the agency said, citing concerns that Sen. Ron Wyden, D-Ore. raised last year to the Federal Trade Commission.

Wyden nonetheless had urged the White House to use ad blockers, citing at least one media report of Russia using seemingly innocuous advertisements to target a state election agency.

The entire online ad space can be described as a toxic mix of fraud and security exploits. 

As I am writing about online ads, my standard disclaimer on any post about the aforementioned service applies:

Also, please note, this should be in no way construed as an inducement or a request for my reader(s) to click on any ad that they would not otherwise be inclined to investigate further. This would be a violation of the terms of service for Google™ Adsense™.