Facebook Doubles Bug Bounties For Ad-Related Flaws

Published: 22/11/2024   Category: security




Is it a sign that online brands are treating malvertising more seriously?



As malicious attackers continue to target the online advertising ecosystem that drives today's Internet economy, increasing numbers of large online brands have been forced to find ways to stem the fraud of malvertising. Facebook made one such step today, announcing that it plans to offer big incentives to white hat hackers who find and report flaws in its advertising platform through the company's bug bounty program. Facebook says that for the rest of 2014 it will offer double bounties for vulnerabilities found in its advertising platform UI, API, analytics tools, and in the backend code that helps it target, deliver, bill, and measure ads.
"We hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them," Facebook said in a blog announcing the bounty increase.
The move can be seen as evidence that large Internet firms like Facebook understand the challenge they face, as criminals have found attacking advertising platforms to be a highly profitable endeavor for a number of reasons.
"Ad platforms have been a major channel for real damage against both users and the companies that service them," says Dan Kaminsky, chief scientist for WhiteOps. "Malvertising pops up as a method for distributing malware, and the trend of click and impression fraud can bankrupt a firm while deeply enriching fraudsters."
While malvertising is often most associated with click fraud, some security researchers now believe it is gaining prevalence as a distribution method and may rival current exploit kits. Because of the way attackers abuse these platforms, some security experts wonder how effective simply doubling the bounty on flaws within Facebook's ad platform code will really be at solving the malvertising problem for Facebook customers and users.
"Today's malvertising campaigns are not due to flaws in any given ad bidding platform. The issue is that real-time ad bidding allows advertising bid winners to redirect to self-hosted content outside the control of the ad platform," explains Pat Belcher, head analyst of security analytics for Invincea. "Malvertisers are winning ad bids, redirecting visitors to exploit kits that are online for just a few minutes, and delivering malicious payloads to whomever they wish to target using the targeting capabilities of the real-time ad bidding platform providers."
Invincea reportedly also is seeing a rise in malvertising targeting defense contractors in cyber espionage attacks. The company plans to publish a report tomorrow on these attacks.
In this case, Facebook may simply be going through a CYA process, but the fundamental problems with how the platform works aren't necessarily going to be fixed.
"The problem with malvertising will continue, but at least Facebook can say it is not a flaw in their actual platform," Belcher says.
However, as Kaminsky explains, every step to thwart attackers offers some positive benefits.
"The fewer places for bad guys to hide, the better. And this has been a very profitable place for them to hide," he says.
