View all on-demand sessions from the Intelligent Security Summit here.
Social engineering scams are everywhere. Every day, cybercriminals use every medium they can to trick users into giving up their data. This includes not only email, SMS and messaging services, but also online advertising services.
Today, provider of security browser extensions Guardio Labs revealed new research as part of a blog post warning that the Google AdWords advertising platform is “massively spreading rogue promoted search results.”
As part of this scam, dubbed “MasquerAds”, fraudsters produce fake ads designed to rank in search engines and direct targeted users to malicious phishing sites. These sites are designed to trick users into downloading malicious payloads hidden with file sharing or code hosting servers such as GitHub or Dropbox.
Above all, the research indicates that social engineering scams are constantly evolving and that malicious advertisements are one of the most widely used media to collect the data of unsuspecting users.
Event
Intelligent Security Summit on demand
Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Check out on-demand sessions today.
Look here
The report comes shortly after the FBI released an alert that cybercriminals used search engine advertising services to impersonate trusted brands and lead users to malicious websites to infect their devices with ransomware or steal their credentials.
In this latest investigation, one of the largest threat actors known as Vermux is using hundreds of social engineering sites and domains, mostly operated from Russia, to target the GPUs and crypto wallets of US and Canadian residents.
Given the magnitude of these attacks, organizations need to increase security awareness training and endpoint protection tools to ensure employees are equipped to deal with malicious ads in the same way they deal with phishing emails.
“To err is human, and it only takes one to compromise the entire company, so other layers of security are mandatory,” said Nati Tal, head of Guardio Labs.
“Integrating EDRs [endpoint detection and response] is a must, but this is also not enough – threat actors continue to evolve and test their capabilities against enterprise EDR algorithms, so we can also see in our research here – refactoring and combining malware payloads with real software, short operating times and user trust and the intent is almost completely resistant to detection,” Tal said.
Tal also notes that in-browser preemptive detection is a must, as it’s the “gateway” to many phishing, malvertising, and scams. Protection in the browser can help users detect threats before malicious payloads and malware can be downloaded to their system.
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.