All Covered’s Post

New Year, New Cyber Security Threats. The world wide cost of cybercrime is expected to reach ~$10,500,000,000,000 in 2025. That's 10.5 TRILLION US dollars. That's more than a tenth of the total global GDP. If cybercrime was a country, it would have more than double the GDP of Japan in 2023, and would have the third largest economy after the US and China. Cybercrime is a flourishing, ever changing industry, and it keeps getting bigger. Are you prepared for new threats? If not, are you prepared to make headlines for all the wrong reasons? All Covered Konica Minolta Business Solutions U.S.A., Inc.

🚨 Scams in Search Results on the Rise 🛡️ With the holiday shopping season in full swing, malicious ads are targeting users more than ever. In this latest WIRED article, Malwarebytes’ Jérôme Segura sheds light on how these scams exploit search results to deceive and harm. Stay alert and protect yourself this season! Read more: https://lnkd.in/gxf39bgi

This is a great piece on Wired featuring thoughts from Jérôme Segura. Malvertising is one of the best ways hackers can find their exact audience and target compelling scams and malicious downloads. People trust a search engine result when they search for a brand they know, often lowering their guard and clicking through to unsafe sites. Practice safe ad clicks! (or remove ads for free with Browser Guard)

Last minute online shopping? “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising. Source (Medium Guardio) "Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing a disastrous Lumma info-stealer malware that circumvents general security measures like Safe Browsing. Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily “ad impressions” and causing thousands of daily victims to lose their accounts and money through a network of 3,000+ content sites funneling traffic. Our research dissects this campaign and provides insights into the malvertising industry’s infrastructure, tactics, and key players. Through a detailed analysis of redirect chains, obfuscated scripts, and Traffic Distribution Systems (TDS) — in collaboration with our friends at Infoblox — we traced the campaign’s origins to Monetag, a part of ProepllerAds’ network previously tracked by Infoblox under the name “Vane Viper.” Further investigation reveals how threat actors leveraged services like BeMob ad-tracking to cloak their malicious intent, showcasing the fragmented accountability in the ad ecosystem. This lack of oversight leaves internet users vulnerable and enables malvertising campaigns to flourish at scale." To read the complete article see: https://lnkd.in/esCaNcR5

Amazing research by Jérôme Segura covered by Fox News here. Malicious advertising is rampant and a real problem for brands and consumers. In this case The Browser Company is having their Arc Browser mimicked by bad actors to take unknowing customers into a malicious path when they are just trying to download a browser. Ad blockers aren’t just useful because ads are annoying, they block malvertising (predicted that 1 in 10 ads are malicious). MalwareBytes has BrowserGuard for free for your browser and protect yourself. Google has been fighting ad blockers (especially on YouTube) but Google is a major source of malicious ads as covered in this article.

Did you know that ClickPatrol blocks bots before they click on your ads? We call this predictive click-blocking. Through our years of extensive experience working with non-human server networks, scrapers, and bots, we’ve built a comprehensive list of invalid IPs. This list is monitored and updated daily to ensure our system stays ahead of emerging threats. How it works: As soon as a user signs up on our platform, our tool immediately blocks these known bot IPs from targeting your campaigns. By excluding traffic from recognized servers and networks often used for bot activity, we help ensure that your ads are seen only by real users. This predictive blocking is more than just a security measure; it can save between 0.4% to 0.9% of your ad spend. Imagine what that means for a long-running campaign. To avoid wasting money on fake clicks, use ClickPatrol to block bots before they can interact with your ads. Start now; your first 7 days are free. #fakeclicks #adprotection #adspend

When I hear about malvertising campaigns, I often question why mandating ad blockers is not a corporate requirement. Nati Tal of Guardio tracked and analyzed a large-scale fake captcha campaign distributing Lumma info-stealer malware that circumvents general security measures like Safe Browsing. “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - https://lnkd.in/gWgNy-KA.  In collaboration with Renée B. and the folks from Infoblox, they traced the campaign’s origins to Monetag, a part of PropellerAds’ network previously tracked by Infoblox under the name “Vane Viper.” Further investigation reveals how threat actors leveraged services like BeMob ad-tracking to cloak their malicious intent, showcasing the fragmented accountability in the ad ecosystem. Scroll to the bottom of the article for numerous IOCs of - Fake Captcha Pages - BeMob campaign URLs used for Cloaking - 50 Most Active Publisher Domains Monetizing via Monetag

A new large-scale campaign distributing Lumma infostealer malware through fake captcha pages has been observed using malvertising to exploit weaknesses in the digital advertising ecosystem. https://lnkd.in/gz6sZ92A

Brave Browser with Adblocker stands out as a must-have for its target audience due to its innovative blend of privacy, security, and user experience. At its core, Brave prioritizes user privacy by blocking intrusive ads and trackers, ensuring a smoother and safer browsing experience. By eliminating unwanted advertisements, Brave not only enhances page loading times but also protects users from potential malware and phishing attempts often associated with online ads. Moreover, Brave offers a unique approach to online advertising through its Basic Attention Token (BAT) ecosystem. Users can opt into Brave Rewards, where they are rewarded with BAT for viewing privacy-respecting ads. This system empowers users to engage with advertisements on their terms while maintaining control over their data and online experience. Furthermore, Brave Browser emphasizes user control with features like built-in HTTPS Everywhere, script blocking, and fingerprinting protection. These features give users greater autonomy over their online footprint, reducing the risk of data breaches and unauthorized tracking. Overall, Brave Browser with Adblocker distinguishes itself as a must-have for those seeking a secure, private, and streamlined browsing experience. Its commitment to user privacy, combined with innovative features like BAT rewards, makes it a compelling choice for individuals who value control and transparency in their online activities.

Social media #phishing can come in a variety of forms, and as we lead into the commerce frenzy around the end of the year, it's important to be aware of current scams when shopping for yourself, friends, or family! ‼️ Unfortunately, it's also peak season for scammers, as a large wave of Facebook advertising scams is being detected alongside legitimate adverts, which is impacting customers and brands alike. This however, has been on the gradual rise for some time (more on this below). The outcome for a brand? • Loss of revenue • Degraded customer experience • Loss of customer trust. I highly recommend this quick read on the topic from brandsec https://lnkd.in/gQfgshFi If you're in this space and facing challenges of phishing or #brand infringement, please give us a bell.