Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Michael Tiffany, Co-Founder and President
at White Ops
Mass Social Media Manipulation, Identity Harvesting and New Types of Fraud
2019 proved to be a positive year in the fight
against ad fraud. Research
uncovered that the total amount lost to fraud this year will be down 11%
from the same study a couple years ago. That said, it's still a $5.8 billion
problem, and while progress is good, more progress is better. Less
sophisticated cybercriminals abandoned their fraud schemes this year, but that
leaves the smartest fraudsters still out there for us to find.
We saw larger nation states weaponizing social
media channels and platforms to influence large groups of people. The rise of
internet-connected TV (CTV) created new avenues for fraudsters to explore and
exploit. As defense tactics evolve to combat new threats, cybercriminals are in
turn getting smarter. Some are even returning to their old tricks.
In thinking through what transpired in 2019,
here are my top predictions for 2020:
The Ability to Manipulate Social Media at Scale Will Be
Democratized
We have already seen how nation states can
weaponize social media platforms to influence different groups of people. In
2020, the ability to do mass social media manipulation will democratize. What
started with elite nation states will become increasingly available to others,
including breakaway states and transnational groups. Key to this
democratization is the use of bots. With an army of bots, especially botnets
built out of real people's computers, anything can be made to look popular.
Today, cybercriminals use that capability to make money in ad fraud, by selling
visits (or plays or installs... bots can be programmed to take any action you pay
them for). Want your website to be more popular? Pay a botnet to get visits
from all over the world. Or get the bots to play your new song, or to reshare
your content, or add a comment. You can see how the same technique could be
used to make extreme propaganda look popular, to make it look like it's
trending, to make it look recommendable. And the people who want to put out
that propaganda don't need to know how to run a botnet themselves; they just
need to find and pay the same botnet operators doing ad fraud. Botnets can't
make propaganda, but they can amplify it across the world.
As platforms raise new defenses against fraud,
cybercriminals will shift their focus to softer targets, not giving up until
the defenses are raised everywhere
Successful botnet operators adapt and evolve
their bots to go undetected. Over time, the bots become more lifelike and
easier to detect. And, unless they get shut down and arrested, smart botnet
operators leave the platforms that catch them and swarm to the platforms that
can't. This is exactly what we have seen in ad fraud. And, of course, the same
principle applies to fake plays, fake listens, and social media manipulation.
I also spent time talking to my fellow Humans
at White Ops, diving into their reflections from 2019 and what they think is
ahead in 2020. Here are their thoughts:
Tamer
Hassan, Co-founder and CEO: As
Organizations Shift to Identity Targeting, Cybercriminals Will Harvest False
Identities
Cybercriminals have witnessed how dependent
organizations have become on identity targeting, therein lies the opportunity.
In 2020, identification will become harder as cybercriminals start to leverage
identity targeting to harvest and sell bot identities. Cybercriminals are
mastering both how to look more human-like and how to look like more humans. As
part of this process, identity harvesting will emerge in a big way. This will
entail growing an identity for an extended period of time, eventually creating
millions of fake users who can talk and interact with one another. For example,
fake social media accounts could be linked to posting fake reviews, and even
fraudulent credit cards and bank accounts. Consumers will rely more on brands
to police these fake profiles and fake account networks while organizations
must utilize technology to combat accounts that are negatively impacting their
brand and network.
Jonathan
Tomek, Manager, Detection: Old Tech Tools
Will be Used to Commit New Types of Fraud
Even with all the next-gen technology
available, some cybercriminals are still turning to old tricks to commit fraud.
In 2020 we can expect to see bad actors using devices such as VPN's to make it
virtually impossible to trace where they are located. We are also seeing a
technique called "monkey-patching," generally used in software testing to allow
developers to shut off certain aspects of software, being repurposed for
fraudulent purposes, such as disabling "close" buttons on pop-up ads.
##
About the Author
Michael Tiffany is the least talented
person at White Ops. He cofounded the company to attract the kind of people who
wow him, and to focus their energy on a new way of protecting people in the
interconnected future. Michael's founding vision for White Ops is to make
people more secure by making them less attractive targets, by disrupting the
profit centers of cybercrime. Tiffany is also a lifetime Technical Fellow of
Critical Assets Labs, a DARPA-funded cyber-security research lab, and a Subject
Matter Advisor for the Signal Media Project, a nonprofit promoting the accurate
portrayal of science, technology and history in popular media. And he is a
member of the old school white hat hacker collective ninjas.org.