Updates to the Google Safe Browsing’s Site Status Tool

(Cross-posted from the Google Security Blog)
Google Safe Browsing gives users tools to help protect themselves from web-based threats like malware, unwanted software, and social engineering. We are best known for our warnings, which users see when they attempt to navigate to dangerous sites or download dangerous files. We also provide other tools, like the Site Status Tool, where people can check the current safety status of a web page (without having to visit it).

We host this tool within Google’s Safe Browsing Transparency Report. As with other sections in Google’s Transparency Report, we make this data available to give the public more visibility into the security and health of the online ecosystem. Users of the Site Status Tool input a webpage (as a URL, website, or domain) into the tool, and the most recent results of the Safe Browsing analysis for that webpage are returned, plus references to troubleshooting help and educational materials.

We’ve just launched a new version of the Site Status Tool that provides simpler, clearer results and is better designed for the primary users of the page: people who are visiting the tool from a Safe Browsing warning they’ve received, or doing casual research on Google’s malware and phishing detection. The tool now features a cleaner UI, easier-to-interpret language, and more precise results. We’ve also moved some of the more technical data on associated ASes (autonomous systems) over to the malware dashboard section of the report.

While the interface has been streamlined, additional diagnostic information is not gone: researchers who wish to find more details can drill down elsewhere in Safe Browsing’s Transparency Report, while site owners can find additional diagnostic information in Search Console. One of the goals of the Transparency Report is to shed light on complex policy and security issues, so we hope the design adjustments will indeed provide our users with additional clarity.

March 30th 2017 malware

#NoHacked: A year in review

We hope your year started out safe and secure!
We wanted to share with you a summary of our 2016 work as we continue our #NoHacked campaign. Let’s start with some trends on hacked sites from the past year.

State of Website Security in 2016

First off, some unfortunate news. We’ve seen an increase in the number of hacked sites by approximately 32% in 2016 compared to 2015. We don’t expect this trend to slow down. As hackers get more aggressive and more sites become outdated, hackers will continue to capitalize by infecting more sites.
On the bright side, 84% of webmasters who do apply for reconsideration are successful in cleaning their sites. However, 61% of webmasters who were hacked never received a notification from Google that their site was infected because their sites weren’t verified in Search Console. Remember to register for Search Console if you own or manage a site. It’s the primary channel that Google uses to communicate site health alerts.

More Help for Hacked Webmasters

We’ve been listening to your feedback to better understand how we can help webmasters with security issues. One of the top requests was easier-to-understand documentation about hacked sites. As a result, we’ve been hard at work to make our documentation more useful.
First, we created new documentation to give webmasters more context when their site has been compromised. Here is a list of the new help documentation:

Next, we created cleanup guides for sites affected by known hacks. We’ve noticed that sites often get affected in similar ways when hacked. By investigating the similarities, we were able to create cleanup guides for specific known types of hack. Below is a short description of each of the guides we created:
  • Gibberish Hack: The gibberish hack automatically creates many pages with nonsensical sentences filled with keywords on the target site. Hackers do this so the hacked pages show up in Google Search. Then, when people try to visit these pages, they’ll be redirected to an unrelated page, like a porn site. Learn more on how to fix this type of hack.
  • Japanese Keywords Hack: The Japanese keywords hack typically creates new pages with Japanese text on the target site in randomly generated directory names. These pages are monetized using affiliate links to stores selling fake brand merchandise and then shown in Google Search. Sometimes the accounts of the hackers get added in Search Console as site owners. Learn more on how to fix this type of hack.
  • Cloaked Keywords Hack: The cloaked keywords and link hack automatically creates many pages with nonsensical sentences, links, and images. These pages sometimes contain basic template elements from the original site, so at first glance, the pages might look like normal parts of the target site until you read the content. In this type of attack, hackers usually use cloaking techniques to hide the malicious content and make the injected page appear as part of the original site or a 404 error page. Learn more on how to fix this type of hack.

Prevention is Key

As always, it’s best to take a preventative approach and secure your site rather than dealing with the aftermath. Remember, a chain is only as strong as its weakest link. You can read more about how to identify vulnerabilities on your site in our hacked help guide. We also recommend staying up-to-date on releases and announcements from your Content Management System (CMS) providers and software/hardware vendors.

Looking Forward

Hacking behavior is constantly evolving, and research allows us to stay up to date on and combat the latest trends. You can learn about our latest research publications in the information security research site. Highlighted below are a few studies specific to website compromises:

If you have feedback or specific questions about compromised sites, the Webmaster Help Forums have an active group of Googlers and technical contributors who can address your questions and provide additional technical support.

March 21st 2017 malware

Google Removed 1.7 Billion Bad Ads in 2016

Google more than doubled the number of ads it took down from its platform in 2016 compared to 2015, removing over 1.7 billion “bad” ads. Why take down so many ads? “Ultimately, bad ads pose a threat to users, Google’s partners, and the sustainability of the open web itself,” said Scott Spencer, Google’s Director of Product Management for Sustainable Ads.

“We have a strict set of policies that govern the types of ads we do and don’t allow on Google in order to protect people from misleading, inappropriate, or harmful ads,” noted Spencer. “And we have a team of engineers, policy experts, product managers and others who are waging a daily fight against bad actors. Over the years, this commitment has made the web a better place for you—and a worse place for those who seek to abuse advertising systems for their own gain.”

Google’s Strategy for Taking Down Bad Ads

In 2016, Google expanded its definition of a bad ad in order to remove any ad that is misleading or deemed to be predatory. In July, for instance, it started banning ads for payday loans, which are considered a bad deal for end users, who often are poor to begin with. Google said that in just 6 months since implementing the ban, over 5 million payday loan ads were removed.

Google also improved their bad ad technology. “We beefed up our technology so we can spot and disable bad ads even faster,” said Spencer. “For example, “trick to click” ads often appear as system warnings to deceive users into clicking on them, not realizing they are often downloading harmful software or malware. In 2016, our systems detected and disabled a total of 112 million ads for “trick to click,” 6X more than in 2015.”

More Key Bad Ad Actions Announced by Google
  • Disabled more than 68 million bad ads for healthcare violations.
  • Took down more than 17 million bad ads for illegal gambling.
  • Took down nearly 80 million bad ads for deceiving, misleading and shocking users.
  • Detected and disabled more than 23,000 self-clicking ads.
  • Took down 7 million bad ads for attempting to trick our detection systems.
  • Suspended more than 1,300 accounts for tabloid cloaking, pretending to be news.
  • Took action on 47,000 sites for promoting content and products related to weight-loss scams.
  • Took action on more than 15,000 sites for unwanted software.
  • Disabled 900,000 ads for containing malware.
  • Suspended around 6,000 sites for attempting to advertise counterfeit goods.
  • Took action against 340 website owners impersonating news or other entities.

“While we took down more bad ads in 2016 than ever before, the battle doesn’t end here,” says Spencer. “As we invest in better detection, the scammers invest in more elaborate attempts to trick our systems. Continuing to find and fight them is essential to protecting people online and ensuring you get the very best from the open web.”

The post Google Removed 1.7 Billion Bad Ads in 2016 appeared first on WebProNews.

January 27th 2017 AdWords, Google, malware

More Safe Browsing Help for Webmasters

(Crossposted from the Google Security Blog.)
For more than nine years, Safe Browsing has helped webmasters via Search Console with information about how to fix security issues with their sites. This includes relevant Help Center articles, example URLs to assist in diagnosing the presence of harmful content, and a process for webmasters to request reviews of their site after security issues are addressed. Over time, Safe Browsing has expanded its protection to cover additional threats to user safety such as Deceptive Sites and Unwanted Software.

To help webmasters be even more successful in resolving issues, we’re happy to announce that we’ve updated the information available in Search Console in the Security Issues report.

The updated information provides more specific explanations of six different security issues detected by Safe Browsing, including malware, deceptive pages, harmful downloads, and uncommon downloads. These explanations give webmasters more context and detail about what Safe Browsing found. We also offer tailored recommendations for each type of issue, including sample URLs that webmasters can check to identify the source of the issue, as well as specific remediation actions webmasters can take to resolve the issue.

We on the Safe Browsing team definitely recommend registering your site in Search Console even if it is not currently experiencing a security issue. We send notifications through Search Console so webmasters can address any issues that appear as quickly as possible.

Our goal is to help webmasters provide a safe and secure browsing experience for their users. We welcome any questions or feedback about the new features on the Google Webmaster Help Forum, where Top Contributors and Google employees are available to help.

For more information about Safe Browsing’s ongoing work to shine light on the state of web security and encourage safer web security practices, check out our summary of trends and findings on the Safe Browsing Transparency Report. If you’re interested in the tools Google provides for webmasters and developers dealing with hacked sites, this video provides a great overview.

September 7th 2016 malware, security

Hard Rock Las Vegas Credit Card Data Scraped

The Hard Rock Hotel & Casino in Las Vegas discovered a major breach of its credit card processing data, with card scraping malware placed on its payment-card system. Cardholders who purchased anything at Hard Rock Las Vegas, including restaurant and retail outlets, between October 27, 2015 and March 21, 2016 could have been affected. The Las Vegas party resort, popular with celebrities, first noticed irregularities in May.

The Hard Rock described the data that was taken:

“The investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved.”

“Once again, we see another hotel being breached by what is suspected to be malware that was placed on a payment-card system,” stated John Christly, who is a Cybersecurity Evangelist at Netsurion. “Customers like this need to understand that they are in a digital war with the hackers that want this type of data.” Christly bluntly calls this “a war that is being won, in many instances, by these hackers and that absolutely needs to change.”

Zach Forsyth, Director of Product Strategy at Comodo, tells us why hospitality organizations are targeted by hackers:

“Hospitality organizations are ideal targets for the cybercriminal today because they handle highly valuable personal and financial information—the proverbial goldmine for the cyberthief. Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share.

Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers. It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left. By then, it’s too late. The focus for IT departments needs to be on protection, not detection, and installing modern secure Web gateways and advanced endpoint protection solutions that can stop malware and cyberattacks from compromising data and negatively impacting their businesses and customers.”

“We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s still no secret that large brand name companies like Hard Rock are unfortunate targets for hackers—enticing them with large quantities of valuable information such as credit card data for patrons, sensitive employee data for staff, and sometimes even medical data used by in-house care facilities,” added Christly. “Many recent breaches have involved malware that, once installed, works to steal sensitive data.”

“There’s no silver bullet strategy to defend against every threat. However, a strong line of defense is making sure that data doesn’t leave the network without the admin’s knowledge and if data is sent out, it only goes to verified Internet addresses. This is where having a relationship with a managed security provider can help, since it is very difficult to defend against the emerging threats of today’s cybersecurity world on your own.”

According to the Wall Street Journal, “In the past year, Hyatt Hotels Inc., Starwood Hotels & Resorts Worldwide Inc. and Hilton Worldwide Holdings Inc. all reported data breaches of their credit and debit-card processing systems.”

The post Hard Rock Las Vegas Credit Card Data Scraped appeared first on WebProNews.

June 29th 2016 malware, security

How do you outsmart malware?

The growth of data breaches in recent months and years is in large part because of the new generation of smart malware being developed on a daily basis. Malicious actors are constantly taking advantage of technological innovations and breakthroughs to devise new ways to flood the Internet with new malware that circumvent security tools, propagate within networks and siphon critical data for…

May 26th 2016 malware, security

Linux Ransomware Is Now Attacking Webmasters

A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1, the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files. From Dr.Web Antivirus: Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1…

November 7th 2015 malware

Safe Browsing and Google Analytics: Keeping More Users Safe, Together

The following was originally posted on the Google Online Security Blog.

If you run a web site, you may already be familiar with Google Webmaster Tools and how it lets you know if Safe Browsing finds something problematic on your site. For example, we’ll notify you if your site is delivering malware, which is usually a sign that it’s been hacked. We’re extending our Safe Browsing protections to automatically display notifications to all Google Analytics users via familiar Google Analytics Notifications.

Google Safe Browsing has been protecting people across the Internet for over eight years and we’re always looking for ways to extend that protection even further. Notifications like these help webmasters like you act quickly to respond to any issues. Fast response helps keep your site—and your visitors—safe.

March 4th 2015 malware, security

New Adware Found In Google Play Apps With Millions Of Downloads

A new report from security firm Avast out this morning reveals the discovery of a new form of malware on the Google Play store, which begins to display advertisements disguised as warning messages to end users when they unlock their Android smartphone. What’s interesting about this malware – or adware, as it’s better known – is that some of the applications where it…

February 4th 2015 Android, malware, Mobile, security

Have We Entered the Age of Brand Terrorism?

In October, FBI director James Comey no doubt caused a sleepless night for many an executive when he told CBS' 60 Minutes that "there are two kinds of big companies in the United States … those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."

Comey was saying, more or less, that every U.S. corporation has already been attacked—a fact that lengthens the list of brands whose high-profile breaches have made news lately, among them Neiman Marcus, The Home Depot, Dairy Queen, Target and Kmart. According to research from cyber security firm Trustwave, large retail brands now make up close to half of the hacking targets out there.

But behind the headlines and the fear of stolen identities, observers say there's something even darker going on. In the old days, hacking used to be about making mischief and stealing money. Hackers who targeted "America" mostly attacked federal agencies. Today, increasingly, it's companies that symbolize America on the global stage, and attacking the U.S. means attacking its brands. Are we experiencing an age of brand terrorism?

"That's exactly what it is," said Robert Herjavec, founder of global IT security firm The Herjavec Group. "The higher profile your brand, the more value it carries and the bigger a target it is."

Herjavec believes that hacking has entered a new stage in which the perpetrators are state actors whose goals have moved beyond mere larceny. "In the last 24 months, we've been seeing an absolute surge of state-sponsored cyber attacks," he said. "We're no longer dealing with individuals who want to steal your money. We're dealing with foreign national governments that want to hurt America." And in an age of viral content, there are few better ways to make the country look vulnerable than to cut down its famous brand names.

Nobody's arguing that money isn't behind at least some of the high-profile hacking. The malware implanted in Target's mainframe just before last year's holiday shopping season siphoned off as many as 40 million credit card numbers. The attack on The Home Depot two months ago affected 56 million. But according to Herjavec's data, only 40 percent of computer attacks are financially motivated.

Indeed, while stolen credit card data always makes for good-news copy, the motivations of several well-publicized breaches clearly ran deeper. The attack on JPMorgan Chase discovered this August has been linked to the Russian government. Experts also believe that Axiom, a state-sponsored hacker group based in China, was behind the 2010 attack on Google.

According to the FBI, state-sponsored cyber attacks are often launched to steal intellectual property, but the chaos caused by a breach has become an end in itself. Speaking at a symposium held at New York's John Jay College of Criminal Justice earlier this month, K2 Intelligence executive director Mitchell Silber observed that "the difference between where a cyber criminal hack ends and where some type of state or states-sponsored event begins" is becoming "murky."

Which isn't just bad news for the country, but doubly bad news for brands. Not only are they liable for the fiscal consequences of a hacking (some $34 million in The Home Depot's case), but their names also become linked to the public fear that inevitably arises from a high-profile breach. Rex Whisman, founder and chief strategist of the Denver-based BrandED Consultants Group, observed, "Security is going to increasingly be a part of the associations consumers make when they hear and see a brand name."

Facing that kind of pressure, it’s little wonder that marketers are scrambling to shore up their defenses—a task made more difficult, Whisman said, because "safety and data breaches weren't necessarily part of the [original] brand strategy." A recent Trustwave study suggests how much work remains to be done. Some companies are still using off-the-shelf software in frail hopes of detecting sophisticated malware. It doesn't help that a large number of IT departments still use laughably easy passwords to protect corporate information.

No brands can bolt all the doors that the Web permits entry to, but until they seal more of them, they'll be vulnerable to what Herjavec called "terrorist factions who attract young, idealistic, tech-savvy people" into their ranks. "What companies don't realize is that we're fighting a cold war," he added, "just like we did in the 1960s with the Russians."

December 1st 2014 malware, Mobile, Technology