Adam Golodner Discusses Cybercriminal Use of Malvertising in Global Investigations Review
As seen in Global Investigations Review’s “Protection Against Malware: Could Regulators Step In?”
Global Investigations Review reports on a white paper recently published by cybersecurity software company Invincea that focuses on how cybercriminals have been utilizing online advertising to attack US defense companies. The report describes how cybercriminal use malvertising, or online ads containing malicious software (malware), to access the computers of people browsing the websites containing these ads. The malware is reportedly used to access computers or systems of users who click on advertising containing the malware. The report focused on criminals using malvertising to steal information from US defense companies, but other reports have also focused on the use of malvertising to access financial and other information of consumers. Many in the online advertising industry are aware of the issue and taking action; the leading online advertising trade association, the Interactive Advertising Bureau (IAB), is focusing on the issue and creating a set of industry wide best practices to reduce the threat of malvertising.
According to Kaye Scholer Partner Adam Golodner, Leader of the firm’s Global Cybersecurity & Privacy Group, the advertising industry and other companies that benefit from online advertising know that it is in their interest to get ahead of the issue, and help promote a safe online advertising environment. If useful self-regulatory best practices are not developed, Golodner added, policymakers may feel compelled to intervene in the market, through mechanisms such as obligations on advertising companies to make sure that they do not carry any cybersecurity threats, while an enforcement agency, such as the Federal Trade Commission, could be given the power to impose further regulations. Policy interactions such as these between government and industry in new technology fact patterns are typical, and in global cybersecurity, they are now the norm.