Risk
10/1/2013
10:48 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Online Trust Alliance Embraces National Cyber Security Awareness Month

Announces three-part initiative to advance industry self-regulatory efforts

Bellevue, WA (October 1, 2013) – On the 10th anniversary of the National Cyber Security Awareness Month, the Online Trust Alliance (OTA) today announced a three-part initiative to advance industry self-regulatory efforts addressing security and privacy issues that affect consumers and businesses worldwide.

Networks of malicious malware - known as botnets and fraudulent ads are at the center of online privacy and security concerns. The explosive rise in botnets is estimated to have compromised one in 10 home-based computers. Concurrently, international cybercriminals are increasingly using malicious and fraudulent advertising, known as malvertising to compromise users' privacy, bank accounts and to facilitate identify theft. In just the past twelve months, OTA estimates over one-billion malicious ad impressions were served to unsuspecting consumers as they surf the web. Counter-measures introduced by OTA today to combat this problem include:

• Botnet Remediation & Removal Best Practices

• Fraudulent Advertising & Customer Risk Framework

• Customer On-Boarding Best Practices for Hosters and Cloud Service Providers

OTA was recognized by the White House last year and recently re-appointed by the Federal Communications Commission to the Communications Security, Reliability and Interoperability Council, OTA as a leading convener of multi-stakeholder efforts. OTA works across the ecosystem with commerce sites, advertisers, hosters, ISPs, financial instructions, and security vendors to provide prescriptive advice to help neutralize botnets, stem the spread of malicious and fraudulent advertising, and help cloud service providers identify fraudulent businesses.

"It is critical that we implement technical safeguards, but also equip business and internet intermediaries with the tools needed to help stem the tide of cybercrime," said Craig Spiezle, executive director and president OTA. "By implementing these practices, consumers, businesses, and industry will mutually benefit. Businesses who fail to adopt are unnecessarily putting consumers at risk."

"We have a shared responsibility to help prevent, detect, and remediate the spread of botnets. Collaboration among ISPs, the security community, OS providers, banking and commerce sites is a key to fighting these threats. It is critical for users to keep their software applications up-to-date including protection from malicious downloads and dubious apps," said John Scarrow, general manager of online safety service at Microsoft.

"One 'bad actor' can hurt an ESP's or hoster's overall reputation and adversely affect the reputation of other customers using the same infrastructure. Having a solid vetting process in place can obviously help minimize the risk to an organization's reputation," said James Koons, chief privacy officer at Listrak. "Being on the front lines we have learned vetting is a great opportunity to detect fraud while enhancing client relationships. OTA's New Account Risk Framework is an excellent tool for any organization and underscores the value of collaboration and data sharing."

Recognizing that over one billion malicious ad impressions were served this past year, the OTA Advertising Security Working Group has been working with publishers, ad networks, and advertisers. Based on their analysis upwards of 60% of malvertising is attributed to cybercriminals merely masquerading as legitimate advertisers or agencies inserting malicious and fraudulent ads. These prescriptive guidelines will make a significant dent into the threats which are undermining the trust and integrity of online advertising.

"Protecting the integrity of online advertising is critical to the industry and the vitality of the internet. The combination of malvertising, click fraud, and ads from fraudulent companies is undermining consumer trust, which in turn undermines marketing effectiveness. We call on our partners and fellow ad networks to adopt these best practices to help stem the tide of fraudulent and malicious advertising," said Paul Harrison, co-founder and chief technology officer at Simpli.fi. "We applaud OTA's leadership to help protect consumers' data, identity and privacy from abuse."

These documents and additional resources are available at https://otalliance.org/resources. OTA will be hosting webinars providing prescriptive advice to enhance consumer protection and online trust.

Thursday, October 3, 9 AM PDT – Noon EST

On-Boarding Best Practices for Ad Networks, Hosters & Cloud Service Providers

https://cc.readytalk.com/r/qg2gdfyhikcy&eom

Friday, October 4, 9 AM PDT / Noon EST

Anti-Botnet Remediation Best Practices

https://cc.readytalk.com/r/6xwcmo5v6cev&eom

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web