TL:DR
- NY Times, a prestigious publisher, partnered with Google to monetize their website.
- NY Times’ website, nytimes.com, displayed malicious ads on their website served by the Google’s ad network.
- NY Times reputation has been damaged and trust diminished among their online readers.
- Google either cannot stop or does not want to stop malvertising. Those are the only two options.
- Google’s reputation is also being tarnished and stockholders are possibly being damaged.
- No official statement from NY Times or Google has been released regarding compensation for damages incurred by this breach.
- Credit monitoring, computer repair, and other damages should be considered for victims of the NY Times/Google malware breach.
- Google is launching a new role in their company – Product Manager, Malvertising Protection.
- Google’s Linkedin job listing lists NO requirements for experience in Network Security, Infosec, Opsec, or any security related background and is based in their “don’t bother us at HQ” Waterloo, Canada office.
THERE ARE ONLY TWO OPTIONS HERE:
- Google cannot stop malvertising.
- Google does not want to stop malvertising
Either way you are automatically entered into the ad game if you are not using a system to protect all your network devices.
Your digital defenses should attempt to block all ads, with particular focus on blocking ads served from programmatic ad exchanges because of the dangers outlined in this article. The recent eGobbler attack, which compromised over 1.16 BILLION ads, is a powerful example of what is happening right now and what we will likely see more of in the future.