Tag: Cybersecurity

Ad Fraud – The Fastest Growing Cyber-Crime You’ve Never Heard Of

By Daniel Avital, Chief Strategy Officer, CHEQ

When we think about industries most in need of cybersecurity protection, we tend to think of government, financial services, transportation, and healthcare. All of these are natural targets for data theft, espionage, financial fraud, and even terrorism. So naturally, when people hear that we work in cybersecurity for online advertising, they’re taken by surprise. “Cybersecurity for online advertising? Huh, I didn’t realize that was a thing…”

Online ad-fraud | One of the fastest growing cyber-crimes out there

When we first took CHEQ to market, it was in response to what was quickly becoming one of the fastest-growing criminal enterprises in the world: ad fraud. What is ad fraud? Broadly speaking, it’s the attempt to generate fake online ad views, clicks, and engagement for monetary gain. These can be the result of small-time, one-man-show operations running simplistic bots, using proxy servers or contracting click-farms, or what is generally categorized as GIVT (General Invalid Traffic).

However, over the years we’ve witnessed a rapid growth in SIVT (Sophisticated Invalid Traffic), leveraging large-scale, complex bot-nets. These bots are designed specifically around online advertising ecosystems and infrastructure, looking to exploit weaknesses in the programmatic supply chain, publisher sites, adtech intermediary platforms, paid-social, and paid search platforms.

To understand how quickly this criminal enterprise is growing, consider that in 2017, aggregated industry data showed ad-fraud to be costing advertisers approximately $6.5 billion in wasted ad spend. Last year, new data suggested that this figure has risen to as high as $30 billion. This marks an almost 500% increase in just two years. Industry projections for 2021 are now talking about a figure north of $50 billion. That is absolutely astonishing growth, by any benchmark. Recent research into click fraud conducted by fraud expert Professor Roberto Cavazos of the University of Baltimore suggests even greater exposure to fake traffic on PPC advertising channels, now rivaling programmatic channels for fraud.

Why is ad fraud growing so rapidly? Because it’s easy to do and hard to catch.

When you think about what encourages or discourages someone from engaging in criminal activity, one key factor is the risk-reward element. Now consider ad fraud. The reward element is extremely high, as there is little-to-no overhead required. Any hacker can do this from the comfort of their bedroom. On the other hand, the risk is extremely low. Your activity might be detected and blocked at some point, but the chances of the perpetrator actually getting named and caught are remarkably slim – not to mention that even if they were caught, the ability to prosecute such a person is very unclear, with questions of jurisdictions and varying internet laws among different countries.

But why is it more appealing than other cyber-crimes? Because up until recently, there’s been little cyber-driven ad security.

It is of course true to note that a good balance of risk and reward exists not only in ad fraud, but across most major cyber-criminal enterprises. And yet, ad fraud still stands out in its remarkable growth. The best explanation is that until recently, online ad security has been in its infancy, mitigated primarily by adtech companies, often referred to as “ad-verification” vendors.

These ad-verification vendors sprang up from within the adtech scene with capabilities better suited for measuring clicks and impressions, attributing users, and monitoring campaign performance. As they lacked a cybersecurity background, they relied primarily on IP blacklists to filter fake traffic, a methodology widely regarded as ineffective by anyone in the bot mitigation industry. These IP blacklists are purchased from third-party vendors, they age quickly, and they cover a very small portion of the fake traffic out there. So, if you’re a cyber-criminal, where would you rather turn your efforts? Toward governments and financial institutions who are deploying the most sophisticated, real-time, deterministic security? Or would you go for an industry that’s largely unprotected, which relies on dated methodologies? It seems many hackers and fraudsters are opting for the latter and choosing the easiest target available.

Advertisers turn to cybersecurity for a solution

With advertisers suffering severe losses and spending millions of dollars on ad-verification vendors who are incapable of mitigating the problem, large brands and media agencies have turned to the cybersecurity industry for solutions. This is how we at CHEQ, a cybersecurity bot-mitigation company, unexpectedly found ourselves working with large-scale online advertisers and brands. So, we were surprised when we first went to market just over three years ago to find just how sophisticated ad-fraud had become and how savvy the fraudsters were when it came to exploiting the inherent weaknesses of the adtech ecosystem.

The ecosystem is so convoluted, so riddled with intermediaries, dodgy exchanges, murky networks, and shady business models, that it’s no wonder it became a prime target. What was great to see, however, was just how receptive the adtech and online-advertising community was to adopting cybersecurity solutions, implementing JavaScript codes to run browser challenges, and getting smart about ad fraud and click fraud prevention.

Today, the world’s leading advertisers are already deploying solutions like CHEQ across all their different channels, from programmatic display and video, to paid search, paid social, OTT, publisher sites, content recommendation, and even 3D console gaming. The category of online ad security is now booming, as big-brand advertisers race to protect their billions of ad-spend dollars from the growing threat of ad fraud and click fraud. This makes online ad security a truly exciting new category, with a huge and largely untapped addressable market.

Bio

Daniel serves as Chief Strategy Officer at CHEQ, leading the company’s positioning and marketing efforts. Prior to CHEQ, Daniel served as Senior Director of Strategy at WPP’s Grey, leading brand strategy for some of the world’s leading advertisers including P&G, GSK, and Fiat Group.

Five Essential Web Security Functions to Protect Small Businesses and Boost ARPU

By Michael Fowler, President of Partners and Channels, Sectigo

When cybercriminals attack, they aren’t just targeting large corporations. In fact, according to the most recent Verizon Data Breach Investigations Report (DBIR), 43% of cyberattacks target small businesses—a stat that might surprise many business owners. That same report indicated that just 14% of small businesses are adequately prepared to protect themselves from those attacks, shining a light on the growing need for cybersecurity within these organizations.

While small business data breaches may not dominate the headlines the way a major financial institution being hacked likely would, the average total cost of a data breach is now $3.92 million—a number that rises to $8.19 million when limited to US breaches. And while large corporations may be able to weather that damage comfortably, it’s an amount likely to sink many smaller companies.

As the volume of attacks targeting small businesses continues to rise, these businesses must not only understand the array of website security tools needed to protect and back up their sites, but also learn to use those tools more effectively. Small businesses seeking to protect themselves against today’s most dangerous threats should ensure that they have the following five key cybersecurity capabilities.

The Five Essential Cybersecurity Capabilities

  1. TLS/SSL Certificates. “Identity” is a critically important concept—especially online. Customers arriving at a small business website need to have confidence that they are in the right place. Web certificates (visible as a padlock in browsers) serve to indicate to customers that the site they are visiting is secure and that information they enter—personal, financial, or otherwise—is being shared with an authentic/verified business rather than a fraudulent site.

    In the past, some small businesses have resisted SSL certificates because of the hassle to maintain them—after all, we’ve seen what can happen when certificates lapse. Fortunately, that is no longer the case. The rise of automation has made it considerably easier to issue, renew, and maintain web certificates, meaning that small businesses can enjoy the benefits of identity security with minimal management.
  2. Malware and Vulnerability Detection. “Detection” means more than just alerting you when something has already gone wrong. Small business owners must be vigilant for potential website vulnerabilities and address them before they can impact their businesses. Search engines will blacklist a website with known vulnerabilities, making it critical for website owners to be proactive about detecting potential issues.

    It’s also important to be aware of potential vulnerabilities with your site’s various components. For instance, your website’s content management system (CMS) or e-commerce platform may have known vulnerabilities that require steps to address. There are simple security products available today that can help monitor your website and alert you to these potential issues.
  3. Remediation. Once a threat has been detected, the next step is remediation—removing the threat from the system. When exploring website security technology, identifying a product with the right remediation capabilities for your site is important. Look for something capable of removing active infections from your website files, MySQL database, and other important components of your website.

    It’s also important that remediation is completed without disrupting functionality. You don’t want your website being taken down for maintenance every time a potential threat is detected. Fortunately, today’s remediation products are generally mindful of this essential continuity.
  4. Patching. Once a threat has been detected and successfully eradicated, it’s time to make sure that you eliminate the vulnerability that allowed the malware into your system. Installing technology that proactively patches known vulnerabilities before they can be exploited by cybercriminals minimizes the amount of time attackers can potentially exploit vulnerabilities. Having web security tools in place that can automatically scan for new patches and ensure that they are installed quickly can go a long way toward protecting your website from outside threats.

    For example, businesses running a WordPress, Drupal, or Joomla site gain real-time threat protection by arming their website, blog, or online shop with automated CMS patching, preventing the bad guys from sneaking in between updates—and stopping zero-day attacks in their tracks.
  5. Back up and Restore. It’s important to know that even if a threat slips through the cracks and does real damage to your website, the site can be easily restored. Version control software that enables businesses to back up and restore their website with just the click of a button is now widely available to those who recognize the importance of this technology. Many tools will even automatically create backups at certain intervals, making life as simple as possible for business owners.

    It’s difficult to overstate the value of effective backup and restore tools. They ensure that even in a worst-case scenario where an attack cripples your entire website, you remain just one click away from restoring what was lost. That peace of mind enables small business owners to focus on the hundreds of other things they need to worry about, secure in the knowledge that their website is in good hands.

CAPTION: Five simple, automated cybersecurity technologies enable website owners to achieve big-business web security and peace of mind, using small-business resources.

Strong Website Protections Help Small Businesses and Their Customers

As breaches become both more numerous and more costly, small businesses must avoid putting themselves in a vulnerable position. Fortunately, as the threat landscape evolves, TLS/SSL and hosting providers are evolving as well. It is now easier than ever to protect online assets from malware and data breaches with new suites of products capable of everything from automatic certificate renewal to patching and remediation.

As simplified website security tools become more widely available, small businesses are increasingly able to enjoy a level of protection on par with much larger companies. The rise of automation has put powerful detection, protection, and recovery tools in the hands of the most resource-constrained and vulnerable organizations. And while no one tool can protect against every possible threat, SMBs with effective web certificate, threat detection, remediation, patching, and backup and restore capabilities will find themselves well-positioned to face whatever threats the future may hold.

Bio

As President of Partners and Channels, Michael Fowler is responsible for developing and maintaining channel partnerships with leaders in key growth markets. Michael has more than 15 years of experience in web security and works closely with Sectigo product management, engineering, marketing and support to develop product refinement and go-to-market strategies.

Small and Medium Businesses Are More Vulnerable to Cyberattacks

Tips for Small Businesses on How to Enhance Cybersecurity

By Daniel Markuson, Digital Privacy Expert, NordVPN

According to the study conducted by the Ponemon Institute, only 28% of small and medium businesses mitigate cyber threats, vulnerabilities and attacks effectively. The study revealed that nearly half of the companies have no understanding of how to protect their data, finances, employees and customers against cyberattacks.

However, small businesses may often be even more attractive targets for hackers than larger enterprises. Here are some of the reasons:

  1. The owners of valuable data. Contrary to what most of the small companies may think, they do have useful data for hackers. It can be anything from financial information that can be used for fraud, to the personal details valuable for identity theft.
  2. The path to other companies. Often hackers target small companies for easy access into larger enterprises. It can also be a path into the data of many other small businesses.
  3. Easy to hack. Small businesses often lack adequate cyber-defenses, so they are frequently much easier to hack compared to larger enterprises. There are usually no security personnel and technology in place, so it’s also more challenging to detect an attack when it occurs. Effective handling of cyber threats is impossible without a strategy and strict policies applied to all employees.
  4. More difficult recovery. Every small business has computer-based data it needs to operate. Unfortunately, few can recover from an attack independently, and a cyberattack might be the end of the road, especially for a small business. Therefore, small business owners are more likely to pay ransoms.

Ransomware and spear-phishing attacks are the most common cybercrime tactics used against small businesses. The first one blocks access to a computer or mobile phone until the attackers receive a ransom payment. The second one is an email-spoofing attack seeking unauthorized access to valuable information. There are hundreds of different ways to harm any enterprise, its employees or customers. Some of the most common methods don’t even require advanced technological knowledge. For example, social engineering schemes are easy and effective to launch.

Simple tips for small business owners to boost cybersecurity

Do regular backups. Regular backup of your data in a secure location – offsite and offline – is essential. It helps to protect yourself from a ransomware attack. For small businesses with less sensitive data, even external hard drives might be enough. For more significant comfort, consider special paid backup security services (don’t trust free ones).

Secure all your smart devices. Cybersecurity is not limited to your smartphone, tablet or computer. These days, even printers and TVs are connected to the internet, so make sure these are secure as well. If the password and even username are insecure, change them. Additionally, restrict admin privileges to your networks and accounts. Each team member must have their personal credentials with an assigned role. This way you will always know who made a mistake.

Secure all your data. Encrypting your data makes it more difficult to exploit or hijack. A reliable and reputable VPN service provider, like NordVPN, SurfShark or ProtonVPN, can encrypt the online traffic of all your employees. This ensures that your data is safe when they need to access it. Many small business owners and employees work at office hubs or at home, so their data gets sent through unsecured channels. A reliable VPN can fix this problem. Of course, don’t forget that you need an antivirus and a strong firewall.

Educate your team members. It is essential to cultivate the secure mindset of every employee. Keep your team members informed about the dangers of downloading attachments or clicking on links from unknown sources. Make sure to educate them about social engineering tactics, latest hacks and phishing attacks. You can use an online cybersecurity test to understand how much your employees know about digital security.

Always update your devices. Don’t forget to update your computers, tablets, smartphones and other devices regularly. Do the same for software. New updates fix security vulnerabilities and system bugs that could cause insecure situations. Make sure to update your firewalls and antivirus.

Create a strong password. Use unique passwords for different accounts or devices. Make sure to create strong passwords and change them every three months. It’s also crucial for your company to have a strict password policy and ensure that all employees comply with it. Additionally, share some tips with your colleagues on how to create strong and reliable passwords.

An average data breach costs $3.92 million, and that’s a heavy burden on small and medium enterprises. Leaks drive away clients, plus companies end up paying millions in fines and compensations. Even though cyberattacks often target SMEs, the media focuses only on the big hacking scandals. That’s why small company owners tend to think only of major corporations with vast amounts of valuable data as the primary targets. Consequently, SMEs often do not take the most basic steps to protect their digital resources. It’s time to understand that your business’s security is in your own hands.

Bio

Daniel Markuson is a Digital Privacy Expert and Internet security enthusiast at NordVPN. Daniel is generous with spreading news, stories and tips on how to stay secure in the fast-changing digital world.

Alert Logic Report Reveals Wealth of Vulnerabilities for SMBs

By Rohit Dhamankar, Vice President, Threat Intelligence, Alert Logic

When it comes to incorporating strong cybersecurity hygiene into their practices, small and midsize businesses (SMBs) sometimes don’t realize how susceptible they are to cyber attacks. They read the latest news about a big-name organization getting hacked and conclude that this would never happen to a “small fish” company like theirs.

But they are mistaken.

Due to increasingly automated attack methods, cyber adversaries aren’t distinguishing between “big” and “small” fish anymore. They’re targeting vulnerabilities, with automation that empowers them to cast a wide net to cripple SMBs and large enterprises alike. New research from Alert Logic indicates that lack of awareness may be leading to a wealth of exposures for SMBs: A clear majority of their devices are running Microsoft OS versions that will be out of support by January 2020, and most unpatched vulnerabilities in the SMB space are more than a year old.

What Alert Logic’s New Findings Really Say

These and other findings from the Alert Logic Critical Watch Report 2019 should serve as an eye-opener for SMBs. Our analysis was based on 1.3 petabytes of data from more than 4,000 customers, including data from 2.8 million intrusion detection system (IDS) events and 8.2 million verified cybersecurity events. Here are highlights from the report that illustrate the most significant challenges we found:

Digging into the Numbers

More than 66 percent of SMB devices run Microsoft OS versions that are expired or will expire by January 2020. There’s little representation, in fact, of the current Windows Server release – 2019 – among this group and the majority of devices run Windows versions that are more than ten years old. Even if not exposed to the internet, these versions make it easy for attackers to move laterally within systems once they compromise a host.

Three-quarters of the top 20 unpatched vulnerabilities in the SMB space are more than a year old. Even though automated updates have improved software patching, organizations struggle to keep up the pace. The use of open source software – a common technique for building software projects efficiently – complicates the patch cycle, especially when the open source software is embedded. To uncover and reduce the vulnerabilities left by unpatched code, organizations must invest in third-party validation of the efficacy of the update process in their software development life cycle (SDLC) while conducting regular vulnerability scans.

Security Challenges SMBs Face

Weak encryption continues to create headaches, accounting for 66 percent of workload configuration problems. Unfortunately, many SMBs simply implement a default encryption for a particular app. Defaults were typically defined when older encryption protocols were still considered safe but might no longer be. It’s not surprising then that our research found that 13 encryption-related configuration flaws are leading to 42 percent of all security issues found.
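One way to check for the inherited-default problem described above, as an added example that is not from the Alert Logic report: it scans a web server configuration for protocol versions that have since been deprecated (SSLv2, SSLv3, TLS 1.0, TLS 1.1) and for TLS listeners that never state their protocols. It assumes nginx syntax (the `listen ... ssl` and `ssl_protocols` directives); the three sample configurations and their host names are constructed.

```python
"""Flag deprecated or implicit TLS protocol settings in an nginx config (added example)."""
import re

# Protocol versions formally deprecated by the IETF (RFC 6176, 7568, 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MODERN = {"TLSv1.2", "TLSv1.3"}

# Constructed sample configurations, not taken from any real site.
LEGACY_CONF = """
server {
    listen 443 ssl;
    server_name shop.example;
    # copied from an old tutorial and never revisited
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""
DEFAULT_CONF = """
server {
    listen 443 ssl;
    server_name blog.example;
}
"""
HARDENED_CONF = """
server {
    listen 443 ssl;
    server_name shop.example;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def strip_comments(text):
    """Drop '#' comments (simplification: ignores '#' inside quoted strings)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def audit_tls_protocols(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    text = strip_comments(conf_text)
    findings = []
    directives = re.findall(r"\bssl_protocols\s+([^;]+);", text)
    for value in directives:
        enabled = value.split()
        weak = [p for p in enabled if p in DEPRECATED]
        if weak:
            findings.append("deprecated protocols enabled: " + " ".join(weak))
        if not MODERN.intersection(enabled):
            findings.append("no TLSv1.2 or TLSv1.3 enabled")
    # A TLS listener with no explicit directive inherits whatever default
    # the installed server version ships with.
    serves_tls = re.search(r"\blisten\s+[^;]*\bssl\b", text)
    if serves_tls and not directives:
        findings.append("TLS listener without ssl_protocols: relies on the build default")
    return findings


if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY_CONF), ("default", DEFAULT_CONF),
                       ("hardened", HARDENED_CONF)]:
        print(name, audit_tls_protocols(conf) or "ok")
```
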

Nearly one-third of the top email servers run on Exchange 2000, which has been unsupported for nearly 10 years. Email is the life blood of most businesses, so SMBs place their operations, sales and other critical functions at risk if they encounter newly identified vulnerabilities for which there are no available patches.

The three most popular TCP ports – SSH (22/TCP), HTTPS (443/TCP) and HTTP (80/TCP) – account for 65 percent of all vulnerabilities. Internal security teams should regularly scan ports to determine weaknesses and firewall misconfiguration issues, as well as whether unusual, possibly harmful services are running on systems. In addition, they need to close ports that are no longer in use; install firewalls on every host; monitor and filter port traffic; and patch and harden any device, software or service connected to ports.
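One way to run the port review described above on a single Linux host you administer, as an added example that is not from the Alert Logic report: it parses `ss -H -tln` output and compares what is listening with an approved-port list. The sample output and the approved list are constructed for illustration.

```python
"""Compare listening TCP sockets with an approved-port list (added example)."""
import ipaddress

# Constructed sample of `ss -H -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511             [::]:443          [::]:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128                *:8080            *:*
LISTEN 0      5            0.0.0.0:23        0.0.0.0:*
"""

# Hypothetical policy: ports this host is meant to expose.
APPROVED_PORTS = {22, 80, 443, 25}


def parse_listeners(ss_output):
    """Return (host, port) for every LISTEN line in `ss -H -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Drop an interface scope ("%eth0") and IPv6 brackets.
        host = host.split("%")[0].strip("[]")
        listeners.append((host, int(port)))
    return listeners


def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def audit(ss_output, approved):
    """Classify listeners into unapproved, loopback-only and stale approvals."""
    listeners = parse_listeners(ss_output)
    exposed = [(h, p) for h, p in listeners if not is_loopback(h)]
    exposed_ports = {p for _, p in exposed}
    return {
        # Reachable services nobody approved: investigate or shut down.
        "unapproved": sorted({(p, h) for h, p in exposed if p not in approved}),
        # Bound to loopback only: not reachable from the network.
        "loopback_only": sorted({p for h, p in listeners if is_loopback(h)}),
        # Approved but nothing listening: candidates for closing in the firewall.
        "stale_approvals": sorted(set(approved) - exposed_ports),
    }


if __name__ == "__main__":
    for category, items in audit(SAMPLE_SS_OUTPUT, APPROVED_PORTS).items():
        print(category, items)
```
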

Half of systems are running a version 2.6 Linux kernel, which has been out of support for more than three years. There are at least 69 known vulnerabilities for this kernel level, with many relatively easy to exploit. Kernels serve as the heart of an operating system, managing hardware, memory, apps, user privileges and an assortment of other key functions/components.

What to Think About Next

An obvious answer for SMBs is to inventory their cyber ecosystem and replace systems that have outlived support. But this is impractical for many. Resource constraints and inability to scale often prevent SMBs from upgrading and they struggle to apply best practices in patching, hardening and cyber hygiene. These organizations don’t have to go it alone, however, and can partner with security providers who offer strong but cost-conscious options to provide needed threat visibility, intelligence and security and compliance experts. With this support, SMBs can better defend existing infrastructure while addressing security challenges that occur during upgrades or migrations to the cloud.

Bio

Rohit Dhamankar is vice president of threat intelligence products at Alert Logic. Dhamankar has over 15 years of security industry experience across product strategy, threat research, product management and development, technical sales and customer solutions. Prior to Alert Logic, Dhamankar served as vice president of product at Infocyte and founded consulting firm Durvaanker Security Consulting. He holds two Masters of Science degrees – one in physics from The Indian Institute of Technology in Kanpur, India and one in electrical and computer engineering from University of Texas – Austin.