Senators Slam Online Advertisers As 'Malvertising' Spikes

Complex ecosystem fails to arrest rise in malicious advertising, information security experts warn Congress.

agencies and also report bad actors to both law enforcement agencies and industry groups.

Similarly, the Senate report recommends that the online advertising industry issue stronger security guidelines for members, as well as share more information on threats. The report also calls for more frequent spot-checks of online advertising content to better catch malvertising outbreaks, and the development of "circuit breakers" to detect malvertising before it reaches consumers.

Otherwise, the committee has promised to spell out those responsibilities in new legislation: "If sophisticated commercial entities do not take steps to further protect consumers, regulatory or legislative change may be needed so that such entities are incentivized to increase security for advertisements run through their systems," the report reads.

Last week, committee member Sen. John McCain (R-AZ) likewise warned in a statement that Congress must "make sure standards and rules exist to ensure consumers do not have to be more tech savvy than cyber criminals to stay safe online." At the hearing, meanwhile, he laid into the industry's approach to regulating itself, noting that this had failed to produce effective guidance or clear standards for online advertising security or prevent the emergence -- or timely disavowal -- of such aggressive advertising techniques as history sniffing.

Intentions aside, Congress has a poor track record of passing any legislation that relates to privacy or data security. Notably, the Do Not Track initiative has stalled -- as the Senate report notes, with advertisers and consumer groups unable to agree on even a definition of what constitutes tracking -- and after years of debate, Congress has failed to pass any cyber security legislation or even a national data breach notification law. Meanwhile, President Obama's 2012 Privacy Bill of Rights lacks the force of law and is thus voluntary. Perhaps unsurprisingly, advertisers haven't rushed to sign up.

Cue the current state of affairs: "The one party who is least capable of monitoring and regulating advertising -- the consumer -- is the party who currently bears the full brunt of the losses when the system fails," the Senate report states.

Cyber criminals wielding advanced persistent threats have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Read our Advanced Attacks Demand New Defenses report today. (Free registration required.)