Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Advertising. Show all posts
Technology
Advertising AI and Sound AI technology Artificial Intelligence Digital Advertising Marketing Sound Technology Technology

AI in Sounds is Helping Brands Create Their ‘Sonic Identity’


It is now well acknowledged that in the present era, individuals are constantly exposed to fast-moving imagery, be it through social media videos or digital billboards in public places. 

However, Michele Arnese, an advertising entrepreneur believes there has been a similar surge in ‘sounds.’ According to him, brands can only be complete with the help of AI. 

According to Arnese, "More and more the sound of a brand is like liquid[…] It goes everywhere and takes its shape according to the customer experience."

In 2009, Arnese founded the AI-based music company – Amp – based in Munich. The company (now acquired by Landor&Fitch, a WWP advertising subsidiary) uses AI to create a wide range of sounds for businesses, from brief noise bursts when an app launches to extended compositions for things like podcasts and social media videos. The "sonic identity" of a brand is what he refers to as this.

Nowadays, AI has been exemplifying its capabilities, like reimagining films, creating music using the voices of artists, developing architectural drawings and much more. Thus, its significance in the world of advertising is also evident. 

What can AI do for Sound in ‘Advertising’? 

Arnese confirmed that humans have an important role in the company’s process. For instance, his in-house composers create a track called “Sonic DNA” of the brand, that lasts for around 90 seconds. 

The initial task of AI is to ensure that these noises are distinct from those already employed by other businesses. Machine learning can also determine the impact and memorability of the music's trademark patterns.

Arnese argues that once this DNA is formed, the primary function of AI is to enable businesses to produce music on an industrial scale in order to meet the demands of digital channels.

Moreover, AI can produce infinite remixes of music from the provided DNA, serving varied tempos, moods and durations. Also, AI has become an easier and cheaper option for music enthusiasts, than buying individual pieces of music for the thousands of scenarios. 

Arnese says, "These days no brand is on mute[…]Some brands upload a hundred videos to YouTube every week, and we asked ourselves, how can they afford it?"

However, scepticism still lurks in regard to the use of AI being a ‘game-changer’ for the advertising industry. 

Molly Innes from Marketing Week warns that "People put a lot of money into things like the Metaverse, crypto and NFTs, all the things marketers got excited about, and now they've had to backtrack."

She says that many people in the advertising industry are now taking a ‘wait-and-see’ approach to AI, especially because of the lack of money to invest in it. 

Arnese is adamant in his belief that AI will have a significant impact on advertising. He is also against the notion that there will be several job losses due to AI. 

"AI is just another tool to do your job," he says.

"It presents an opportunity to be inspired by something unexpected [that the computer generates] in the creative process, that's how I use it.”

He says, "Ten years ago there was no such job as data scientist in the advertising industry, can you imagine? But now it is part of the normal team set up of an agency.”

"AI is here to stay, but it's not a replacement for humans."  

Read more »
threats
Advertising attacks Business Cloud CyberCrime Cybersecurity Duckport Ducktail Facebook Hijacking Information Linkedin malware Marketing Scams Security SocialEngineering SocialMedia Tactics threats

Vietnamese Cybercriminals Exploit Malvertising to Target Facebook Business Accounts

Cybercriminals associated with the Vietnamese cybercrime ecosystem are exploiting social media platforms, including Meta-owned Facebook, as a means to distribute malware. 

According to Mohammad Kazem Hassan Nejad, a researcher from WithSecure, malicious actors have been utilizing deceptive ads to target victims with various scams and malvertising schemes. This tactic has become even more lucrative with businesses increasingly using social media for advertising, providing attackers with a new type of attack vector – hijacking business accounts.

Over the past year, cyber attacks against Meta Business and Facebook accounts have gained popularity, primarily driven by activity clusters like Ducktail and NodeStealer, known for targeting businesses and individuals operating on Facebook. 

Social engineering plays a crucial role in gaining unauthorized access to user accounts, with victims being approached through platforms such as Facebook, LinkedIn, WhatsApp, and freelance job portals like Upwork. Search engine poisoning is another method employed to promote fake software, including CapCut, Notepad++, OpenAI ChatGPT, Google Bard, and Meta Threads.

Common tactics among these cybercrime groups include the misuse of URL shorteners, the use of Telegram for command-and-control (C2), and legitimate cloud services like Trello, Discord, Dropbox, iCloud, OneDrive, and Mediafire to host malicious payloads.

Ducktail, for instance, employs lures related to branding and marketing projects to infiltrate individuals and businesses on Meta's Business platform. In recent attacks, job and recruitment-related themes have been used to activate infections. 

Potential targets are directed to fraudulent job postings on platforms like Upwork and Freelancer through Facebook ads or LinkedIn InMail. These postings contain links to compromised job description files hosted on cloud storage providers, leading to the deployment of the Ducktail stealer malware.

The Ducktail malware is designed to steal saved session cookies from browsers, with specific code tailored to take over Facebook business accounts. These compromised accounts are sold on underground marketplaces, fetching prices ranging from $15 to $340.

Recent attack sequences observed between February and March 2023 involve the use of shortcut and PowerShell files to download and launch the final malware. The malware has evolved to harvest personal information from various platforms, including X (formerly Twitter), TikTok Business, and Google Ads. It also uses stolen Facebook session cookies to create fraudulent ads and gain elevated privileges.

One of the primary methods used to take over a victim's compromised account involves adding the attacker's email address, changing the password, and locking the victim out of their Facebook account.

The malware has incorporated new features, such as using RestartManager (RM) to kill processes that lock browser databases, a technique commonly found in ransomware. Additionally, the final payload is obfuscated using a loader to dynamically decrypt and execute it, making analysis and detection more challenging.

To hinder analysis efforts, the threat actors use uniquely generated assembly names and rely on SmartAssembly, bloating, and compression to obfuscate the malware.

Researchers from Zscaler also observed instances where the threat actors initiated contact using compromised LinkedIn accounts belonging to users in the digital marketing field, leveraging the authenticity of these accounts to aid in social engineering tactics. This highlights the worm-like propagation of Ducktail, where stolen LinkedIn credentials and cookies are used to log in to victims' accounts and expand their reach.

Ducktail is just one of many Vietnamese threat actors employing shared tools and tactics for fraudulent schemes. A Ducktail copycat known as Duckport, which emerged in late March 2023, engages in information stealing and Meta Business account hijacking. Notably, Duckport differs from Ducktail in terms of Telegram channels used for command and control, source code implementation, and distribution, making them distinct threats.

Duckport employs a unique technique of sending victims links to branded sites related to the impersonated brand or company, redirecting them to download malicious archives from file hosting services. Unlike Ducktail, Duckport replaces Telegram as a channel for passing commands to victims' machines and incorporates additional information stealing and account hijacking capabilities, along with taking screenshots and abusing online note-taking services as part of its command and control chain.

"The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem (akin to ransomware-as-a-service model) centered around social media platforms such as Facebook," WithSecure said.
Read more »
Social Media
Advertising Android Cyberattacks CyberCrime iOS MAID Privacy Social Media

Your Details are Hidden on this Secret ID on Your Phone

 


The amount of people who want to exploit your private information is staggering, from social media platforms to email providers. It is imperative to remember not only online stores but personal services as well. 

Many online businesses rely heavily on your information, and they pay no attention to customer privacy. You are unknown to most advertisers and marketers. In addition, a Mobile Advertising ID (MAID) identifier is assigned to your behavior, and a history of your activities is gathered. 

With this tiny bit of information, your location, your shopping history, or your recent online searches can be accessed. There were very few factors you could control until recently to block your MAID from marketing campaigns. As a result of Apple's decision, iOS users now can choose who targets them through the app. 

Criminals, however, are likely to generate much greater profits if they can match the ID with the individual. A MAID's ability to defraud you Most companies or advertising agencies would not be able to find out who the MAID belongs to if he or she was not attached to a company. 

In this collection, there are numerous data sets, and there should be no personally identifiable information (PII) included in the collection. Vice's Motherboard wrote about one company that offers the tracking of MAIDs with the PII associated with each of them. 

The use of mobile phones in everyday life poses a considerable amount of privacy risk, which is a major concern. Your MAID can be linked to the following information that can be provided by the company:
  • Full name
  • Physical address
  • Phone number
  • Email address
  • IP address
There should be a red flag raised for everyone after it was revealed that data brokers are capable of integrating advertising IDs with mobile phone numbers.
Read more »
United States
Advertising Cyber Fraud fake websites Russia Scam United States

Russian Man Convicted of $7 Million Digital Advertising Scam

 

A Russian person was found guilty in the United States of using a bot farm and hiring servers to create fraudulent internet traffic on media sites, causing businesses to pay inflated advertising rates. 

Prosecutors said Aleksandr Zhukov, 41, was the brains of the Methbot operation, in which 1,900 servers were used to generate millions of bogus online ad views on websites such as the New York Times and the Wall Street Journal. According to the US, Zhukov gained $7 million from the scheme and channeled the money into offshore accounts around the world, citing a text in which he referred to himself as the "King of Fraud." 

The group allegedly called their plan "Metan," which is the Russian term for methane, while the FBI and prosecutors referred to it as Methbot, and later as Media Methane, which was the name of Zhukov's company with operations in Russia and Bulgaria. 

Zhukov and his colleagues negotiated deals with advertising networks to display their ads on websites, then received a commission for each ad that was viewed. According to prosecution filings, Zhukov and his collaborators instead established bogus sites and manipulated data centres to produce false users to make it appear like actual people were viewing the ads from September 2014 to December 2016.

"Zhukov represented to others that he ran a legitimate ad network that delivered advertisements to real human internet users accessing real internet web pages," according to a superseding indictment filed on February 12, 2020. 

"In fact, Zhukov faked both the users and the webpages: he and his co-conspirators programmed computers that they had rented from commercial data centers in the United States and elsewhere to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue," it says. 

Victims of the scheme "included The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable," the Department of Justice said in a news release. 

On a temporary US arrest order, Zhukov was arrested in Bulgaria in November 2018. In January 2019, he was extradited to the United States and pleaded not guilty to the accusations against him.
Read more »
Tag Barnakle
Advertising Confiant Hackers Malicious Ad malware Tag Barnakle

Tag Barnakle Targets Various Web Servers with Malicious Ads

 

In a persistent campaign that features malicious ads on tens of millions, if not hundreds of millions, computers, the criminals have infiltrated more than 120 ad servers and introduced malicious code to legitimate announcements that redirect visitors to sites that promote malware and fraud. This has been going on since the past year, thus attracting benign devices in all external appearances. The malicious activity group behind this campaign is identified by the name Tag Barnakle.

Malvertising is the phenomenon of advertising while the viewers are visiting trustworthy websites. The advertising includes JavaScript that exploits software faults surreptitiously and attempts to make tourists download an unsafe application, pay computer support charges fraudulently or perform other dangerous acts. In general, Internet fraudsters pose as shoppers and pay ad distribution networks for malicious advertising to be shown on individual pages. 

Resources are needed to infiltrate the ad ecosystem as a legitimate buyer. Firstly, scammers need to spend time studying the functioning of the industry and then create a reputable entity. The strategy also calls for the payment of money for space to display malicious advertising. Though this is not the method used by a malvertising group called Tag Barnakle. 

“Tag Barnakle, on the other hand, can bypass this initial hurdle completely by going straight for the jugular—mass compromise of ad serving infrastructure,” Confiant researcher Eliya Stein wrote in a blog. “Likely, they’re also able to boast an ROI [return on investment] that would eclipse their rivals as they don’t need to spend a dime to run ad campaigns.” 

Over the previous year, Tag Barnakle infected  more than 120 servers running Revive, an open-source application for companies who want to run their ad server instead of a third-party provider. Once an advertising server has been hacked, Tag Barnakle loads it with a malicious payload. The group does not use customer fingerprint identification to recognize the most enticing targets, to assure the malicious ads are received only in limited numbers. The servers which supply the targets with a secondary payload also use coating techniques to ensure they also fly below the radar.

As Confiant posted on Tag Barnakle last year, the community found that about 60 Revive servers had been compromised. This feature allowed the group to distribute advertising on over 360 web assets. The commercials have triggered fake Adobe Flash updates that install malware on desktop computers while it is running. Tag Barnakle targets both iPhone and Android customers this time. Web pages receiving an ad from an affected server provide extremely confused JavaScript to decide if a visitor uses an iPhone or Android smartphone. 

The advertisements are mainly aimed at highlighting fake protection, safety, or VPN apps with secret subscription fees or “siphon off traffic for nefarious ends.” The advertising may also be extended to thousands of individual websites with ad servers frequently combined with several publicity exchanges. Confident does not know how many terminal users are comprised but the company considers the number to be huge.
Read more »
Subscribe to: Posts (Atom)