Google’s Latest Safe Browsing Update: The End of Fake Download Buttons?

You’ve probably browsed pages – some on well-known high traffic sites – that are full of ads with fake download buttons that took you further away from what you were actually searching for, to dark corners of the internet you’d never willingly visit and software you regret downloading. The real intent of these deceptive ads? Malware. Although they’ve been around for quite a while, they are becoming more prevalent. Some don’t even require a click to pass on an infection.

Here are some examples you probably recognize:

error1 error3error2

Good news for those of you who may not recognize these deceptive ads: Google’s Safe Browsing update aims to minimize your exposure to them. Recently, Google announced a new Chrome feature – as part of its Safe Browsing update – that warns users when they are about to visit sites with these call-to-malware ads. This means that any pages that mimic trusted entities (like your device, browser or the actual site) and trick you into disclosing sensitive information like passwords (that you’d typically only disclose to a trusted entity) will now be flagged by Google. Opening such site would give you the following warning:

error4

The update is turned on by default in Chrome. You can switch it on and off by checking or unchecking the “Protect you and your device from dangerous sites” box located under Preferences in Chrome (Preferences → Settings → Advanced → Privacy).

The ultimate question is: will Google’s latest update keep you completely safe from call-to-malware ads? The answer is most definitely “no.” Even when combined with ad blocking software or applications, Google’s Safe Browsing may not be able to completely keep these ads at bay.

For example, earlier this year, Forbes forced visitors to disable ad blocking software before they could read its content. Since Forbes serves a ‘quote of the day’ and an ad before directing visitors to main content, Google does not accurately cache the page’s content/data. The result was that users were immediately served malware after they disabled ad blockers. Other high profile sites like the New York Times have been victim to similar attacks.

It also looks like it will take a while for Google to compile a comprehensive list of flagged sites. If your site has been flagged, you can follow these instructions to fix the issue.

While Google’s latest Safe Browsing update is an important step towards making the internet a safer space for us, we certainly won’t see the end of malware ads just yet.

Why ‘EmailGate’ Isn’t Just a Problem for Clinton

The U.S. elections of 2016 have resulted in some of the most heated debates across a number of contentious issues. The personalities involved in the run up to the November presidential election are an explosive mix and the resulting accusations and mudslinging makes for great TV.  The accusations range in tone from almost playground jibes, such as the one made towards Cruz, by Trump, saying his Canadian birth could make the senator “vulnerable”, to serious accusations that could materially impact the candidate’s status. Jibes like this may muddy the electoral waters, but the more serious accusations that we’ve seen recently against Hillary Clinton, can have much further repercussions.

Hillary_Clinton_Testimony_to_House_Select_Committee_on_BenghaziHillary Clinton and ‘Those Emails…’

Around this time last year, there was a bit of a storm around Hillary Clinton, then secretary of state, who had been revealed as using a private, home-based, server to manage her emails. At the time, she was accused of using this system to prevent freedom of information requests and searches. Clinton defended herself by saying the emails were not deemed as ‘classified’, something that has since been hotly disputed. The press lambasted her for creating her own, ‘homebrew’ email system; the security of which was uncertain and which gave her powers of control over her emails that rankled those wanting transparency from their politicians. This level of irritation over the use of a personal server was not unfounded. If an issue of state security did occur, it would be vital to have full disclosure of emails. We would then have to rely on Clinton’s word that she had disclosed them, or that she could prove no malicious disclosure had occurred – not an ideal situation for any government to have to deal with. Just to give you an idea of the scale of this issue, so far 1200 emails from that homebrew sever have been checked and retro-actively marked as ‘classified’.

The truth of the matter may never fully come to light, but the story of Hillary Clinton’s ‘EmailGate’, rumbles on. We are now finding out that some of those emails Clinton originally stated were not classified, were in fact, top secret emails.

Trump, a master of marketing, has of course used this to his own advantage. He is using ‘EmailGate’ to damage Clinton’s reputation because of her poor handling of security. Clinton may also find more than her reputation damaged if any subsequent issues come to light, especially around security.

trump_twitter

Ignore Security at Your Peril

Poor security choices may well cost Clinton the presidency. But she isn’t the only one damaged by not taking security and privacy seriously. We are currently watching the world of cyber-crime explode; in fact, Senator John Kerry has described the situation as being, “…pretty much the wild west…” and stated that he fully expects the Russians and Chinese to be reading his emails.  In the last few years we have seen a general increase in the likelihood of a successful cyber-breach. Privacy Rights Clearinghouse which is a non-profit U.S. based organization, sets out to spot trends and quantifies breaches. You can go to their ‘data breaches timeline’ and see the level of breaches per year since 2005. In 2010 there were just fewer than 13 million records breached. In 2014 this figure had risen to almost 68 million breached records, and in 2015 there were a staggering 159, 436, 735 records compromised. This means an awful lot of organizations and the people who head them are seeing financial penalties and their reputations damaged.

Cyber-litigation On the Increase: Now it’s Personal

These cyber-breach figures are not only resulting in an awful lot of stolen data, they are translating into litigation. The Federal Trade Commission (FTC) can and does prosecute firms for poor security measures. In 2015 the FTC made a ruling that will impact all companies who are custodians of data, especially of customer data. The ruling came out of the case of the FTC vs. Wyndham Hotel and Resorts where Wyndham failed to give reasonable protection to personal customer details. The FTC can now more readily bring cybersecurity cases to court and prosecute businesses that do not put in place good measures to protect customer data.

The massive breach suffered by retailer Target has resulted not just in reputational damage, but major financial losses. Resulting lawsuits by banks and credit unions associated with the firm have amounted to $39 million; a class action by Target customers is also in progress against the retailer.

And now it’s also getting personal. There is a human impact too, above and beyond the affected customers and the class actions; Target’s CIO, Beth Jacob, ended up resigning over the cyber-breach debacle. Donna Seymour, CIO of the Office of Personnel Management (OPM), who experienced a breach of around 22 million employee records last year, is now being sued because she failed to protect those individuals’ identity data. If this lawsuit is successful and chances are it will be, then we should expect to see more personal lawsuits taken out against executives of breached companies.

Reputation and Security Go Hand-in-Hand

One thing that we can be sure of in the Hillary Clinton ‘EmailGate’ case is that her reputation has been irreversibly tarnished. Reputation on both a commercial and individual level is a very delicate matter and once lost is difficult to put right. Financial losses are one thing and very damaging they can certainly be, but to lose a reputation can mean a previously shining career is ruined. We can no longer hide behind our company lawyers. As executives we need to take control of our cybersecurity strategy and ensure that from the board level downwards, everyone takes security and privacy seriously.