Google AdWords scam epidemic shows social engineering is evolving 


Check out all the on-demand sessions from the Intelligent Security Summit here.


Social engineering scams are everywhere. Every day, cybercriminals are using whatever medium they can to trick users into handing over their data. This not only includes email, SMS and messaging services, but also online advertising services.

Today, security browser extension provider Guardio Labs unveiled new research as part of a blog post warning that the Google AdWords advertising platform is “spreading rogue promoted search results en mass.” 

As part of these scams, dubbed “MasquerAds,” fraudsters produce fake advertisements designed to rank on search engines and direct targeted users toward malicious phishing sites. These sites are designed to direct users to download malicious payloads hidden with file sharing or code hosting servers like GitHub or Dropbox

Above all, the research indicates that social engineering scams are continuously evolving, and that malicious advertising is one of the go-to mediums for harvesting the details of unsuspecting users.

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.


Watch Here

The evolution of social engineering 

The report comes shortly after the FBI released a warning that cybercriminals were using search engine advertisement services to impersonate trusted brands and direct users to malicious websites to infect their devices with ransomware or steal their login credentials. 

In this latest research, one of the biggest threat actors, known as Vermux, uses hundreds of social engineering sites and domains, mostly served from Russia, to target the GPUs and cryptowallets of U.S. and Canadian residents. 

Given the prominence of these attacks, organizations need to double-down on security awareness training and endpoint-protection tools, to ensure that employees are equipped to deal with malicious advertising, the same way they are with phishing emails. 

“Making mistakes is human, and you only need one to compromise the entire company so other layers of security are mandatory,” said Nati Tal, head of Guardio Labs. 

“Integrating EDRs [endpoint detection and response] is a must, but this also is not enough — threat actors keep on evolving and testing their capabilities against enterprise EDR algorithms so we can also see in our research here — refactoring malware payloads, and combining with real software, short operation times and user trust and intent is almost fully resistant to detection,” Tal said. 

Tal also notes that preemptive detection inside the browser is a must-have, as it’s the “gateway” to many phishing, malvertising and scams. In-browser protection can help users detect threats before malicious payloads and malware can be downloaded to their system.  

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.



Source link: https://venturebeat.com/security/google-adwords-scam-epidemic-shows-social-engineering-is-evolving/

Sponsors

spot_img

Latest

Democrats Introduce Legislation to Bar Trump From Ever Holding Public Office

Representative David Cicilline, backed by 40 other House Democrats, introduced legislation citing a Civil War-era provision in the 14th Amendment to bar Donald...

Rondo traded for Crowder; most team assists in ’85

On this day in Boston Celtics history, the storied franchise traded champion point guard Rajon Rondo and center Dwight Powell to the Dallas...

Cameroon rally to tie Serbia 3-3; Brazil faces Switzerland without Neymar

The final round of phase two of the World Cup gets underway Monday. With Qatar and Canada officially eliminated over the weekend, things...

Cardano Community Strikes Back at Researcher’s TPS Critique

A crypto researcher criticized Cardano’s scaling efforts as insufficient for competition.  Justin Bons and the Cardano...

Uber files lawsuit to block NYC driver pay increase

Back in November, New York City's Taxi and Limousine Commission (TLC) voted to increase the pay rates of Uber and Lyft drivers to...