Connect with us

Published

on

Hackers are increasingly using online ads for malicious purposes. Often, it’s happening through routine Google searches.

These schemes are dubbed malvertising, and cyber criminals are striking more often and with increased sophistication. In fall 2023, cybersecurity software firm Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the U.S. All types of brands are being targeted, whether it’s for phishing purposes or for actual malware, said Jérôme Segura, senior director of research at Malwarebytes. “What I’m seeing is just the tip of the iceberg,” he said.

Many of these rogue ads appear as sponsored content during a search engine query on a desktop or mobile device. But malicious code can also be hidden in ads that appear on mainstream websites consumers routinely visit. Some of these ads will only ensnare consumers who click on them, but in some cases, people can be vulnerable in a more passive way — sometimes just by visiting an infected site, said Erich Kron, security awareness advocate for KnowBe4, a security awareness and training company. 

Corporate employees can also be targets of malvertising, Segura said. He cited a few actual examples that were recently uncovered involving big companies. Lowe’s staff members were targeted via a Google ad for an employee portal claiming to be associated with the retailer. Clicking on the link, “myloveslife.net,” which contains a misspelling of the company’s name, took users to a phishing page with Lowe’s logo. This had the potential to confuse employees since many don’t know offhand the URL for their internal website. “You see the brand, even the official logo of that brand, and for you it’s enough to think it’s real,” Segura said.

Segura also cited an ad meant to impersonate Salesforce-owned communication tool Slack. Initially, by clicking on the ad, he was redirected to a price page on Slack’s official website. But suspecting bad actors were at play, Segura dug deeper and uncovered an impersonation ploy, which involved trying to convince unsuspecting users to download something purporting to be the Slack app.

It’s not Google’s fault, but don’t trust it

Malvertising is not new, but cybercriminals are getting smarter and the ads are often so realistic that it’s easy to be duped. The problem is exacerbated by the fact that so many people use and trust Google as a search engine, where many of the malicious ads can be found. It’s not a problem with Google, per se; malicious ads can also show up in queries using other search engines like Microsoft’s Bing. It’s just that Google is such a widely used search engine and people trust it and let their guard down. “You see something appearing on a Google search, you kind of assume it is something valid,” said Stuart Madnick, professor of information technology at MIT Sloan School of Management. 

Consumers can also fall prey to malicious ads on trusted websites they visit regularly.  Many of these ads are legitimate, but some bad ones can slip through the cracks. “It’s like the post office. Does the mailman check every letter you get to make sure it’s really from Publishers Clearing House?” Madnick said.

Be very careful about where and when you click

Consumers can take steps to protect themselves against malvertising attempts. For instance, they should avoid clicking on sponsored links that come up during an internet search. Often, the first ad below the sponsored one will be the product they are looking for, and since it isn’t sponsored, there’s less chance of being sidelined by malicious code or a phishing attempt.

If you do click on a sponsored link, check the URL at the top of the web page to make sure it’s really where you meant to be before taking any other actions. For example, if you’re trying to visit Gap.com, make sure you’re not really on Gaps.com. Consumers who find themselves on a suspicious site should close the window immediately, said Avinash Collis, assistant professor at Carnegie Mellon University’s Heinz College. In most cases, this will avoid further trouble, he said.

Consumers also need to be careful about clicking ads they see on trusted websites, Kron said. They may, for instance, see ads for products that are much lower in cost than elsewhere. But Kron recommends not clicking and instead visiting the trusted website of the product seller. Most of the time, consumers will be able to search on the provider’s site if a special deal exists, or the deal will be highlighted on the main page of the trusted website, he said.

Also avoid calling a telephone number listed in a sponsored ad because it could be a fake telephone number. If you call it, cyber thieves could gain access to your computer or your personal information, depending on the scheme, said Chris Pierson, CEO of BlackCloak, a cybersecurity and privacy platform that provides digital executive protection for corporate executives.

Consumers should make sure they are calling a number from official product documentation they have in their possession, Pierson said. Alternatively, consumers could visit the company’s home page for this information. “Doing a [web] search could return results that are not sponsored by the company and telephone numbers that are associated with cybercriminals. All it takes to get an ad out there is money and, of course, cybercriminals that are stealing money, have the ability to pay for that bait,” Pierson said. 

Avoid ‘drive-by-downloads’

Consumers should also make sure the operating system and internet browsers are up-to-date on their computer and mobile phone. 

So-called drive-by-downloads, which can impact people who merely visit a website infected with malicious codes, generally rely on a vulnerability in the user’s browser. This is not as much of a threat for people who keep their browsers and browser extensions up-to-date, Kron said. 

Consumers could also consider installing anti-malware software on their computer and phone. Another option is to avoid ads by installing an ad blocker extension such as uBlock Origin, a free and open-source browser extension for content filtering, including ad blocking. Some consumers may also opt to install a privacy browser such as Aloha, Brave, DuckDuckGo or Ghostery on their personal devices. Many privacy browsers have embedded ad blockers; consumers may still see sponsored ads, but they will see fewer of them, which minimizes the chances of malvertising. 

Consumers who come across suspicious ads should report them to the applicable search engine for investigation and removal if deemed malicious, Collis said. This can help protect other people from being ensnared. 

Proper safety precautions are especially important since there are millions of ads on the internet and cyber thieves are relentless. “You should assume that this could happen to you no matter how careful you are,” Madnick said.

Continue Reading

Technology

Elon Musk’s X temporarily down for tens of thousands of users

Published

on

By

Elon Musk's X temporarily down for tens of thousands of users

Elon Musk looks on as U.S. President Donald Trump meets South African President Cyril Ramaphosa in the Oval Office of the White House in Washington, D.C., U.S., May 21, 2025.

Kevin Lamarque | Reuters

The Elon Musk-owned social media platform X experienced a brief outage on Saturday morning, with tens of thousands of users reportedly unable to use the site.

About 25,000 users reported issues with the platform, according to the analytics platform Downdetector, which gathers data from users to monitor issues with various platforms.

Roughly 21,000 users reported issues just after 8:30 a.m. ET, per the analytics platform.

The issues appeared to be largely resolved by around 9:55 a.m., when about 2,000 users were reporting issues with the platform.

Read more CNBC politics coverage

X did not immediately respond to CNBC’s request for comment. Additional information on the outage was not available.

Musk, the billionaire owner of SpaceX and Tesla, acquired X, formerly known as Twitter in 2022.

The site has had a number of widespread outages since the acquisition.

The site experienced another outage in March, which Musk attributed at the time to a “massive cyberattack.”

“We get attacked every day, but this was done with a lot of resources,” Musk wrote in a post at the time.

This is breaking news. Check back for updates

Continue Reading

Technology

Companies turn to AI to navigate Trump tariff turbulence

Published

on

By

Companies turn to AI to navigate Trump tariff turbulence

Artificial intelligence robot looking at futuristic digital data display.

Yuichiro Chino | Moment | Getty Images

Businesses are turning to artificial intelligence tools to help them navigate real-world turbulence in global trade.

Several tech firms told CNBC say they’re deploying the nascent technology to visualize businesses’ global supply chains — from the materials that are used to form products, to where those goods are being shipped from — and understand how they’re affected by U.S. President Donald Trump’s reciprocal tariffs.

Last week, Salesforce said it had developed a new import specialist AI agent that can “instantly process changes for all 20,000 product categories in the U.S. customs system and then take action on them” as needed, to help navigate changes to tariff systems.

Engineers at the U.S. software giant used the Harmonized Tariff Schedule, a 4,400-page document of tariffs on goods imported to the U.S., to inform answers generated by the agent.

“The sheer pace and complexity of global tariff changes make it nearly impossible for most businesses to keep up manually,” Eric Loeb, executive vice president of government affairs at Salesforce, told CNBC. “In the past, companies might have relied on small teams of in-house experts to keep pace.”

Firms say that AI systems are enabling them to take decisions on adjustments to their global supply chains much faster.

Andrew Bell, chief product officer of supply chain management software firm Kinaxis, said that manufacturers and distributors looking to inform their response to tariffs are using his firm’s machine learning technology to assess their products and the materials that go into them, as well as external signals like news articles and macroeconomic data.

“With that information, we can start doing some of those simulations of, here is a particular part that is in your build material that has a significant tariff. If you switched to using this other part instead, what would the impact be overall?” Bell told CNBC.

‘AI’s moment to shine’

Trump’s tariffs list — which covers dozens of countries — has forced companies to rethink their supply chains and pricing, with the likes of Walmart and Nike already raising prices on some products. The U.S. imported about $3.3 trillion of goods in 2024, according to census data.

Uncertainty from the U.S. tariff measures “actually probably presents AI’s moment to shine,” Zack Kass, a futurist and former head of OpenAI’s go-to-market strategy, told CNBC’s Silvia Amaro at the Ambrosetti Forum in Italy last month.

Read more CNBC tech news

“If you wonder how hard things could get without AI vis-a-vis automation, and what would happen in a world where you can’t just employ a bunch of people overnight, AI presents this alternative proposal,” he added.

Nagendra Bandaru, managing partner and global head of technology services at Indian IT giant Wipro, said clients are using the company’s agentic AI solutions “to pivot supplier strategies, adjust trade lanes, and manage duty exposure dynamically as policy landscapes evolve.”

Wipro says it uses a range of AI systems — both proprietary and supplied by third parties — from large language models to traditional machine learning and computer vision techniques to inspect physical assets in cross-border transit.

‘Not a silver bullet’

While it preferred to keep company names confidential, Wipro said that firms using its AI products to navigate Trump’s tariffs range from a Fortune 500 electronics manufacturer with factories in Asia to an automotive parts supplier exporting to Europe and North America.

“AI is a powerful enabler — but not a silver bullet,” Bandaru told CNBC. “It doesn’t replace trade policy strategy, it enhances it by transforming global trade from a reactive challenge into a proactive, data-driven advantage.”

AI was already a key investment priority for global firms prior to Trump’s sweeping tariff announcements on April. Nearly three-quarters of business leaders ranked AI and generative AI in their top three technologies for investment in 2025, according to a report by Capgemini published in January.

“There are a number of ways AI can assist companies dealing with the tariffs and resulting uncertainty.  But any AI solution’s success will be predicated on the quality of the data it has access to,” Ajay Agarwal, partner at Bain Capital Ventures, told CNBC.

The venture capitalist said that one of his portfolio companies, FourKites, uses supply chain network data with AI to help firms understand the logistics impacts of adjusting suppliers due to tariffs.

“They are working with a number of Fortune 500 companies to leverage their agents for freight and ocean to provide this level of visibility and intelligence,” Agarwal said.

“Switching suppliers may reduce tariffs costs, but might increase lead times and transportation costs,” he added. “In addition, the volatility of the tariffs [has] severely impacted the rates and capacity available in both the ocean and the domestic freight networks.”

WATCH: Former OpenAI exec says tariffs ‘present AI’s moment to shine’

Former OpenAI exec says tariffs 'present AI's moment to shine'

Continue Reading

Technology

Amazon’s Zoox robotaxi unit issues second software recall in a month after San Francisco crash

Published

on

By

Amazon's Zoox robotaxi unit issues second software recall in a month after San Francisco crash

A Zoox autonomous robotaxi in San Francisco, California, US, on Wednesday, Dec. 4, 2024.

David Paul Morris | Bloomberg | Getty Images

Amazon‘s Zoox robotaxi unit issued a voluntary recall of its software for the second time in a month following a recent crash in San Francisco.

On May 8, an unoccupied Zoox robotaxi was turning at low speed when it was struck by an electric scooter rider after braking to yield at an intersection. The person on the scooter declined medical attention after sustaining minor injuries as a result of the collision, Zoox said.

“The Zoox vehicle was stopped at the time of contact,” the company said in a blog post. “The e-scooterist fell to the ground directly next to the vehicle. The robotaxi then began to move and stopped after completing the turn, but did not make further contact with the e-scooterist.”

Zoox said it submitted a voluntary software recall report to the National Highway Traffic Safety Administration on Thursday.

A Zoox spokesperson said the notice should be published on the NHTSA website early next week. The recall affected 270 vehicles, the spokesperson said.

The NHTSA said in a statement it had received the recall notice and that the agency “advises road users to be cautious in the vicinity of vehicles because drivers may incorrectly predict the travel path of a cyclist or scooter rider or come to an unexpected stop.”

If an autonomous vehicle continues to move after contact with any nearby vulnerable road user, it risks causing harm or further harm. In the AV industry, General Motors-backed Cruise exited the robotaxi business after a collision in which one of its vehicles injured a pedestrian who had been struck by a human-driven car and was then rolled over by the Cruise AV.

Zoox’s May incident comes roughly two weeks after the company announced a separate voluntary software recall following a recent Las Vegas crash. In that incident, an unoccupied Zoox robotaxi collided with a passenger vehicle, resulting in minor damage to both vehicles.

The company issued a software recall for 270 of its robotaxis in order to address a defect with its automated driving system that could cause it to inaccurately predict the movement of another car, increasing the “risk of a crash.”

Amazon acquired Zoox in 2020 for more than $1 billion, announcing at the time that the deal would help bring the self-driving technology company’s “vision for autonomous ride-hailing to reality.”

While Zoox is in a testing and development stage with its AVs on public roads in the U.S., Alphabet’s Waymo is already operating commercial, driverless ride-hailing services in Phoenix, San Francisco, Los Angeles and Austin, Texas, and is ramping up in Atlanta.

Tesla is promising it will launch its long-delayed robotaxis in Austin next month, and, if all goes well, plans to expand after that to San Francisco, Los Angeles and San Antonio, Texas.

— CNBC’s Lora Kolodny contributed to this report.

WATCH: Tesla’s decade-long journey to robotaxis

Tesla's decade-long journey to robotaxis

Continue Reading

Trending