Malvertising up by over 200%.
Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified today before the U.S. Senate’s Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide.
According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users’ computers via “drive by downloads,” which occur when a user innocently visits a web site, with no interaction or clicking required.The consequences of malvertising include cybercriminals capturing users’ personal information or turning devices into a bot for the purpose of taking over that device and using it in many cases to execute DDoS attacks against a bank, government agency or other organization.Just as damaging is the deployment of ransomware, which encrypts a user’s hard drive, demanding an extortion payment to be unlocked. Users’ personal data, family photos and health records can be destroyed and stolen in seconds.In the absence of policy and traffic quality controls, organized crime has recognized malvertising as the “exploit of choice” because it offers the ability to be anonymous and remain undetected for days. Through a multi-stakeholder effort, the OTA Advertising and Content Integrity Committee proposed a holistic framework as the foundation of an enforceable code of conduct or possible legislation addressing five key areas:
- Data Sharing
“Today, companies have little, if any, incentive to disclose their role in or knowledge of a security event, leaving consumers vulnerable and unprotected for potentially months or years, during which time untold amounts of damage can occur,” said Spiezle. “Failure to address these threats suggests the needs for legislation not unlike State data breach laws, requiring mandatory notification, data sharing and remediation to those who have been harmed.”
It is important to recognize there is no absolute defense against a determined criminal. At the hearing, OTA proposed incentives to companies who adopt best practices and comply with codes of conduct.
Spiezle emphasized that these companies “should be afforded protection from regulatory oversight as well as frivolous lawsuits. Perceived anti-trust and privacy issues must be resolved to facilitate data sharing to aid in fraud detection and forensics.”
Read more »
Hacked Sign Warns San Franciscans Of ‘Godzilla Attack’.
A Bay Area prankster hacked a mobile road sign to warn motorists of an imminent Godzilla attack.
According to CBS San Francisco, a sign reading “Godzilla Attack – Turn Back” was spotted on Van Ness Avenue on Wednesday night. It’s since been restored to display its intended message — warning drivers of potential traffic delays during Sunday’s Bay to Breakers foot race.
In the latest Godzilla movie, which comes out Friday, the reptilian behemoth makes a huge mess of San Francisco. Some Twitter users speculated that the prank was a promotional stunt for the movie.
The U.S. Air Force believes it could stop an assault by Godzilla.
However, government agencies have proven incapable of preventing tampering with road signs. In the past, people have hacked them to warn drivers of zombies and various other made-up hazards.
Earlier this week, a road sign in New Jersey was altered to read “Assville next left,”referring to the Jersey Shore.
Read more »