Networks of malicious malware - known as botnets and fraudulent ads are at the center of online privacy and security concerns. The explosive rise in botnets is estimated to have compromised one in 10 home-based computers. Concurrently, international cybercriminals are increasingly using malicious and fraudulent advertising, known as malvertising to compromise users' privacy, bank accounts and to facilitate identify theft. In just the past twelve months, OTA estimates over one-billion malicious ad impressions were served to unsuspecting consumers as they surf the web. Counter-measures introduced by OTA today to combat this problem include:
• Botnet Remediation & Removal Best Practices
• Fraudulent Advertising & Customer Risk Framework
• Customer On-Boarding Best Practices for Hosters and Cloud Service Providers
OTA was recognized by the White House last year and recently re-appointed by the Federal Communications Commission to the Communications Security, Reliability and Interoperability Council, OTA as a leading convener of multi-stakeholder efforts. OTA works across the ecosystem with commerce sites, advertisers, hosters, ISPs, financial instructions, and security vendors to provide prescriptive advice to help neutralize botnets, stem the spread of malicious and fraudulent advertising, and help cloud service providers identify fraudulent businesses.
"It is critical that we implement technical safeguards, but also equip business and internet intermediaries with the tools needed to help stem the tide of cybercrime," said Craig Spiezle, executive director and president OTA. "By implementing these practices, consumers, businesses, and industry will mutually benefit. Businesses who fail to adopt are unnecessarily putting consumers at risk."
"We have a shared responsibility to help prevent, detect, and remediate the spread of botnets. Collaboration among ISPs, the security community, OS providers, banking and commerce sites is a key to fighting these threats. It is critical for users to keep their software applications up-to-date including protection from malicious downloads and dubious apps," said John Scarrow, general manager of online safety service at Microsoft.
"One 'bad actor' can hurt an ESP's or hoster's overall reputation and adversely affect the reputation of other customers using the same infrastructure. Having a solid vetting process in place can obviously help minimize the risk to an organization's reputation," said James Koons, chief privacy officer at Listrak. "Being on the front lines we have learned vetting is a great opportunity to detect fraud while enhancing client relationships. OTA's New Account Risk Framework is an excellent tool for any organization and underscores the value of collaboration and data sharing."
Recognizing that over one billion malicious ad impressions were served this past year, the OTA Advertising Security Working Group has been working with publishers, ad networks, and advertisers. Based on their analysis upwards of 60% of malvertising is attributed to cybercriminals merely masquerading as legitimate advertisers or agencies inserting malicious and fraudulent ads. These prescriptive guidelines will make a significant dent into the threats which are undermining the trust and integrity of online advertising.
"Protecting the integrity of online advertising is critical to the industry and the vitality of the internet. The combination of malvertising, click fraud, and ads from fraudulent companies is undermining consumer trust, which in turn undermines marketing effectiveness. We call on our partners and fellow ad networks to adopt these best practices to help stem the tide of fraudulent and malicious advertising," said Paul Harrison, co-founder and chief technology officer at Simpli.fi. "We applaud OTA's leadership to help protect consumers' data, identity and privacy from abuse."
These documents and additional resources are available at https://otalliance.org/resources. OTA will be hosting webinars providing prescriptive advice to enhance consumer protection and online trust.
Thursday, October 3, 9 AM PDT – Noon EST
On-Boarding Best Practices for Ad Networks, Hosters & Cloud Service Providers
Friday, October 4, 9 AM PDT / Noon EST
Anti-Botnet Remediation Best Practices