Date: 2020-02-18

In response to a Krebs on Security report detailing a new email-based extortion scheme targeting website owners who serve banner ads through Google’s AdSense program, security awareness experts offered the comments below.
EXPERTS COMMENTS
Javvad Malik, Security Awareness Advocate, KnowBe4
February 18, 2020
This is quite an interesting attack which seems to be an evolved form of DDoS (distributed denial of service) attacks. Whereas DDoS attacks are usually launched against large organisations to bring them down for a period of time, this particular threat goes out to website owners and tries to extort them or risk losing AdSense revenue. It's not clear whether this is a mere threat or whether the criminals actually have the capability or intention of following through with their demands. But it is not something that is outside of the technical capabilities of many criminals, particularly with the large number of IoT devices that get continually compromised and added to botnets. In the big scheme of things, these are not new threats. We've seen variations of these over the years, and they will continue to evolve. The important thing is for people to not give in to such demands. If they are worried, they should contact Google for AdSense support.
Roger Grimes, Data-driven Defence Evangelist, KnowBe4
February 18, 2020
This is a very interesting attack – a new approach and I don’t see much that surprises me often in the cybersecurity attack world. The bigger question is could Google detect this sort of fraud if it occurred? What generally happens in previous cases of fraud attacks is that it isn’t detected at all initially. The vendor’s attack sensors see it as a valid attack and they block it, accidentally causing a false-positive self-denial of service attack of their own doing. Once the vendor hears enough complaints though and confirms the fraud attack, they can change their sensors to try and rule out or stop the false-positive attacks. The question is how long it takes the vendor to go from “this is a real attack” to “this isn’t a real attack” to “we can tell the difference between a real and fake attack”? Some vendors can do it quickly and for others it takes months and years. The last question to ask once the vendor is aware of the fake attack is how hard is it to develop a sensor that can tell the difference between real and fake attacks and how many false-negatives and false-positives they get. I would suspect that Google will respond quickly along with the best if this actually becomes a frequent attack.
