Hackers are increasingly using online ads for malicious purposes. Often, it’s happening through routine Google searches.

These schemes are dubbed malvertising, and cyber criminals are striking more often and with increased sophistication. In fall 2023, cybersecurity software firm Malwarebytes tracked a 42% increase month-over-month in malvertising incidents in the U.S. All types of brands are being targeted, whether it’s for phishing purposes or for actual malware, said Jérôme Segura, senior director of research at Malwarebytes. “What I’m seeing is just the tip of the iceberg,” he said.

Many of these rogue ads appear as sponsored content during a search engine query on a desktop or mobile device. But malicious code can also be hidden in ads that appear on mainstream websites consumers routinely visit. Some of these ads will only ensnare consumers who click on them, but in some cases, people can be vulnerable in a more passive way — sometimes just by visiting an infected site, said Erich Kron, security awareness advocate for KnowBe4, a security awareness and training company. 

Corporate employees can also be targets of malvertising, Segura said. He cited a few actual examples that were recently uncovered involving big companies. Lowe’s staff members were targeted via a Google ad for an employee portal claiming to be associated with the retailer. Clicking on the link, “myloveslife.net,” which contains a misspelling of the company’s name, took users to a phishing page with Lowe’s logo. This had the potential to confuse employees since many don’t know offhand the URL for their internal website. “You see the brand, even the official logo of that brand, and for you it’s enough to think it’s real,” Segura said.

Segura also cited an ad meant to impersonate Salesforce-owned communication tool Slack. Initially, by clicking on the ad, he was redirected to a price page on Slack’s official website. But suspecting bad actors were at play, Segura dug deeper and uncovered an impersonation ploy, which involved trying to convince unsuspecting users to download something purporting to be the Slack app.

It’s not Google’s fault, but don’t trust it

Malvertising is not new, but cybercriminals are getting smarter and the ads are often so realistic that it’s easy to be duped. The problem is exacerbated by the fact that so many people use and trust Google as a search engine, where many of the malicious ads can be found. It’s not a problem with Google, per se; malicious ads can also show up in queries using other search engines like Microsoft’s Bing. It’s just that Google is such a widely used search engine and people trust it and let their guard down. “You see something appearing on a Google search, you kind of assume it is something valid,” said Stuart Madnick, professor of information technology at MIT Sloan School of Management. 

Consumers can also fall prey to malicious ads on trusted websites they visit regularly. Many of these ads are legitimate, but some bad ones can slip through the cracks. “It’s like the post office. Does the mailman check every letter you get to make sure it’s really from Publishers Clearing House?” Madnick said.

Be very careful about where and when you click

Consumers can take steps to protect themselves against malvertising attempts. For instance, they should avoid clicking on sponsored links that come up during an internet search. Often, the first result below the sponsored one will be the product they are looking for, and since it isn’t sponsored, there’s less chance of being sidelined by malicious code or a phishing attempt.

If you do click on a sponsored link, check the URL at the top of the web page to make sure it’s really where you meant to be before taking any other actions. For example, if you’re trying to visit Gap.com, make sure you’re not really on Gaps.com. Consumers who find themselves on a suspicious site should close the window immediately, said Avinash Collis, assistant professor at Carnegie Mellon University’s Heinz College. In most cases, this will avoid further trouble, he said.

Consumers also need to be careful about clicking ads they see on trusted websites, Kron said. They may, for instance, see ads for products that are much lower in cost than elsewhere. But Kron recommends not clicking and instead visiting the trusted website of the product seller. Most of the time, consumers will be able to search on the provider’s site if a special deal exists, or the deal will be highlighted on the main page of the trusted website, he said.

Also avoid calling a telephone number listed in a sponsored ad because it could be a fake telephone number. If you call it, cyber thieves could gain access to your computer or your personal information, depending on the scheme, said Chris Pierson, CEO of BlackCloak, a cybersecurity and privacy platform that provides digital executive protection for corporate executives.

Consumers should make sure they are calling a number from official product documentation they have in their possession, Pierson said. Alternatively, consumers could visit the company’s home page for this information. “Doing a [web] search could return results that are not sponsored by the company and telephone numbers that are associated with cybercriminals. All it takes to get an ad out there is money and, of course, cybercriminals that are stealing money, have the ability to pay for that bait,” Pierson said. 

Avoid ‘drive-by-downloads’

Consumers should also make sure the operating system and internet browsers are up-to-date on their computer and mobile phone. 

So-called drive-by-downloads, which can impact people who merely visit a website infected with malicious code, generally rely on a vulnerability in the user’s browser. This is not as much of a threat for people who keep their browsers and browser extensions up-to-date, Kron said.

Consumers could also consider installing anti-malware software on their computer and phone. Another option is to avoid ads by installing an ad blocker extension such as uBlock Origin, a free and open-source browser extension for content filtering, including ad blocking. Some consumers may also opt to install a privacy browser such as Aloha, Brave, DuckDuckGo or Ghostery on their personal devices. Many privacy browsers have embedded ad blockers; consumers may still see sponsored ads, but they will see fewer of them, which minimizes the chances of malvertising. 

Consumers who come across suspicious ads should report them to the applicable search engine for investigation and removal if deemed malicious, Collis said. This can help protect other people from being ensnared. 

Proper safety precautions are especially important since there are millions of ads on the internet and cyber thieves are relentless. “You should assume that this could happen to you no matter how careful you are,” Madnick said.

Trump aims to cut $6 billion from NASA budget, shifting $1 billion to Mars-focused missions

The Trump administration has floated a plan to trim about $6 billion from the budget of NASA, while allocating $1 billion of remaining funds to Mars-focused initiatives, aligning with an ambition long held by Elon Musk and his rocket maker SpaceX.

A copy of the discretionary budget posted to the NASA website on Friday said that the change focuses NASA’s funding on “beating China back to the Moon and on putting the first human on Mars.”

NASA also said it will need to “streamline” its workforce, information technology services, NASA Center operations, facility maintenance, and construction and environmental compliance activities, and terminate multiple “unaffordable” missions, while reducing scientific missions for the sake of “fiscal responsibility.”

Janet Petro, NASA’s acting administrator, said in an agency-wide email on Friday that the proposed lean budget, which would cut about 25% of the space agency’s funding, “reflects the administration’s support for our mission and sets the stage for our next great achievements.”

Petro urged NASA employees to “persevere, stay resilient, and lean into the discipline it takes to do things that have never been done before — especially in a constrained environment,” according to the memo, which was obtained by CNBC. She acknowledged the budget would “require tough choices,” and that some of NASA’s “activities will wind down.”

The document on NASA’s website said it’s allocating more than $7 billion for moon exploration and “introducing $1 billion in new investments for Mars-focused programs.”

SpaceX, which is already among the largest NASA and Department of Defense contractors, has long sought to launch a manned mission to Mars. The company says on its website that its massive Starship rocket is designed to “carry both crew and cargo to Earth orbit, the Moon, Mars and beyond.”

Musk, who is the founder and CEO of SpaceX, has a central role in President Donald Trump’s administration, leading an effort to slash the size, spending and capacity of the federal government, and influencing regulatory changes through the Department of Government Efficiency (DOGE).

Musk, who frequently makes aggressive and incorrect projections for his companies, said in 2020 that he was “highly confident” that SpaceX would land humans on Mars by 2026.

Petro highlighted in her memo that under the discretionary budget, NASA would retire the SLS (Space Launch System) rocket, the Orion spacecraft and Gateway programs.

It would also put an end to its green aviation spending and to its Mars Sample Return (MSR) Program, which sought to use rockets and robotic systems to “collect and send samples of Martian rocks, soils and atmosphere back to Earth for detailed chemical and physical analysis,” according to a website for NASA’s Jet Propulsion Laboratory.

Some of the biggest reductions at NASA, should the budget get approved, would hit the space agency’s space science, Earth science and mission support divisions.

Petro didn’t name any specific aerospace and defense contractors in her agency-wide email. However, SpaceX, ULA and Jeff Bezos’ Blue Origin are positioned to continue to conduct launches in the absence of the SLS. Boeing is currently the prime contractor leading the SLS program.

“This is far from the first time NASA has been asked to adapt, and your ability to deliver, even under pressure, is what sets NASA apart,” she wrote.

President Trump’s nominee to lead NASA, tech entrepreneur Jared Isaacman, still has to be approved by the U.S. Senate. His nomination was advanced out of the Senate Commerce Committee on Wednesday.

Temu halts shipping direct from China as de minimis tariff loophole is cut off

Chinese bargain retailer Temu changed its business model in the U.S. as the Trump administration’s new rules on low-value shipments took effect Friday.

In recent days, Temu has abruptly shifted its website and app to only display listings for products shipped from U.S.-based warehouses. Items shipped directly from China, which previously blanketed the site, are now labeled as out of stock.

Temu made a name for itself in the U.S. as a destination for ultra-discounted items shipped direct from China, such as $5 sneakers and $1.50 garlic presses. It’s been able to keep prices low because of the so-called de minimis rule, which has allowed items worth $800 or less to enter the country duty-free since 2016.

The loophole expired Friday at 12:01 a.m. EDT as a result of an executive order signed by President Donald Trump in April. Trump briefly suspended the de minimis rule in February before reinstating the provision days later as customs officials struggled to process and collect tariffs on a mountain of low-value packages.

The end of de minimis, as well as Trump’s new 145% tariffs on China, has forced Temu to raise prices, suspend its aggressive online advertising push and now alter the selection of goods available to American shoppers to circumvent higher levies.

A Temu spokesperson confirmed to CNBC that all sales in the U.S. are now handled by local sellers and said they are fulfilled “from within the country.” Temu said pricing for U.S. shoppers “remains unchanged.”

“Temu has been actively recruiting U.S. sellers to join the platform,” the spokesperson said. “The move is designed to help local merchants reach more customers and grow their businesses.”

Before the change, shoppers who attempted to purchase Temu products shipped from China were confronted with “import charges” of between 130% and 150%. The fees often cost more than the individual item and more than doubled the price of many orders.

Temu advertises that local products have “no import charges” and “no extra charges upon delivery.”

The company, which is owned by Chinese e-commerce giant PDD Holdings, has gradually built up its inventory in the U.S. over the past year in anticipation of escalating trade tensions and the removal of de minimis.

Shein, which has also benefited from the loophole, moved to raise prices last week. The fast-fashion retailer added a banner at checkout that says, “Tariffs are included in the price you pay. You’ll never have to pay extra at delivery.”

Many third-party sellers on Amazon rely on Chinese manufacturers to source or assemble their products. The company’s Temu competitor, called Amazon Haul, has relied on de minimis to ship products priced at $20 or less directly from China to the U.S.

Amazon said Tuesday, following a dustup with the White House, that it had considered showing tariff-related costs on Haul products ahead of the de minimis cutoff but that it has since scrapped those plans.

Prior to Trump’s second term in office, the Biden administration had also looked to curtail the provision. Critics of the de minimis provision argue that it harms American businesses and that it facilitates shipments of fentanyl and other illicit substances because, they say, the packages are less likely to be inspected by customs agents.

— CNBC’s Gabrielle Fonrouge contributed to this report.

Jeff Bezos discloses plan to sell up to $4.8 billion in Amazon stock

Jeff Bezos, founder and executive chairman of Amazon and owner of The Washington Post, takes the stage during The New York Times’ annual DealBook Summit, at Jazz at Lincoln Center in New York City, Dec. 4, 2024.

Amazon founder Jeff Bezos plans to sell up to 25 million shares in the company over the next year, according to a financial filing on Friday.

Bezos, who stepped down as CEO in 2021 but remains Amazon’s top shareholder, is selling the shares as part of a trading plan adopted on March 4, the filing states. The stake would be worth about $4.8 billion at the current price.

The disclosure follows Amazon’s first-quarter earnings report late Thursday. While profit and revenue topped estimates, the company’s forecast for operating income in the current quarter came in below Wall Street’s expectations.

The results show that Amazon is bracing for uncertainty related to President Donald Trump’s sweeping new tariffs. The company landed in the crosshairs of the White House this week over a report that Amazon planned to show shoppers the cost of the tariffs. Trump personally called Bezos to complain, and Amazon clarified that no such change was coming.

Bezos previously offloaded about $13.5 billion worth of Amazon shares last year, marking his first sale of company stock since 2021.

Since handing over the Amazon CEO role to Andy Jassy, Bezos has spent more of his time on his space exploration company, Blue Origin, and his $10 billion climate and biodiversity fund. He’s used Amazon share sales to help fund Blue Origin, as well as the Day One Fund, which he launched in September 2018 to provide education in low-income communities and combat homelessness.
