{"id":1499,"date":"2025-01-13T19:42:17","date_gmt":"2025-01-13T19:42:17","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1499"},"modified":"2025-01-13T19:42:17","modified_gmt":"2025-01-13T19:42:17","slug":"hotel-chain-ditches-google-search-for-duckduckgo-subjected-to-fraud-attempts-daily","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1499","title":{"rendered":"Hotel chain ditches Google search for DuckDuckGo \u2014 \u2018subjected to fraud attempts daily\u2019"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>At the end of 2021, Nordic Choice Hotels, now renamed Strawberry, was hit by a major ransomware attack that paralyzed operations for just over a week. Everything had to be done manually, says Martin Belak, who is responsible for the hotel chain\u2019s technical security.<\/p>\n<p>\u201cThe receptionists worked with whiteboards to keep track of which rooms were booked,\u201d Belak says.<\/p>\n<p>The attack prompted Strawberry to accelerate its transition from its Windows environment to a Chrome OS environment in record time, migrating 4,000 devices in a week.<\/p>\n<p>\u201cWe are Google-heavy and have the entire Google Workspace. We are a large customer and have a close relationship,\u201d says Belak.<\/p>\n<p>But while he thinks Google\u2019s tools work very well, there is something that rubs him the wrong way, a stone in the sand, and that is Google\u2019s search service and the lack of control over Google\u2019s advertising service.<\/p>\n<p>\u201cThe biggest problem is that Google does not verify which advertisers are allowed to have paid search positions. 
They do not check authenticity or do background checks, which means they allow both legal and criminal actors,\u201d says Belak.<\/p>\n<p>Anyone who searches for, for example, a supplier in the search field risks ending up on a purchased page posted by a criminal actor \u2014 a technique commonly referred to as <a href=\"https:\/\/www.csoonline.com\/article\/567045\/what-is-malvertising-and-how-you-can-protect-against-it.html\">malvertising<\/a>.<\/p>\n<p>\u201cThe criminals buy keywords and create fake landing pages that are identical to legitimate ones and also make sure that the URLs are similar to the real URLs. We are exposed to this type of fraud attempt every day. Fortunately, our security layers catch most of them, but those that get through cost us both trust and money. We need to compensate victims, while also handling the administrative costs of reporting the incidents to the Swedish Authority for Privacy Protection,\u201d says Martin Belak.<\/p>\n<h2 class=\"wp-block-heading\">Enough is enough<\/h2>\n<p>Strawberry has tried several times to report the problems to Google but has not been able to reach the right authority because their contacts are not within the advertising business.<\/p>\n<p>And they\u2019re not alone in pointing out the problems. Two years ago, the <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/fbi-warns-of-imitation-ads-in-paid-search-results\">FBI warned about this type of scam<\/a> that\u2019s being carried out through purchased ads, but nothing has happened since then. 
Security vendor Netskope recently reported that, according to its telemetry, <a href=\"https:\/\/www.csoonline.com\/article\/3801010\/phishing-click-rates-tripled-in-2024-despite-user-training.html\">phishing click rates tripled in 2024<\/a>, with SEO poisoning and malvertising part of the reason for the alarming rise, as cybercriminals move their operations outside the inbox.<\/p>\n<p>For Strawberry, this has now led to changing the default search engine in Chrome to DuckDuckGo before Christmas, where the ad function has also been turned off as extra protection.<\/p>\n<p>\u201cIt\u2019s a bit ironic because we ourselves are dependent on Google ads, so it may seem like we\u2019re shooting ourselves in the foot. But there has to be a balance where they make sure to validate the ads as well and don\u2019t allow ads to be designed so that you enter a URL that isn\u2019t the one you end up on. It\u2019s incredibly strange,\u201d says Belak.<\/p>\n<p>He is also clear that it is not Google as a whole that Strawberry is unhappy with, instead pointing to how other parts of the company\u2019s operations work hard on cybersecurity \u2014 such as monitoring cloud services, blocking third parties in the browser, and so on.<\/p>\n<p>\u201cThey invest billions in cybersecurity in their other businesses but not when it comes to advertising and it becomes very strange for me as a customer,\u201d he says.<\/p>\n<h2 class=\"wp-block-heading\">Hope to create debate<\/h2>\n<p>Martin Belak doesn\u2019t have high hopes that Strawberry\u2019s decision to stop using Google\u2019s search service will affect Google beyond creating some debate.<\/p>\n<p>He emphasizes that this is also not a problem that can be solved with two-factor authentication and the like, because fraudsters today intercept the tokens that are generated in real-time, automatically. 
Moreover, Google isn\u2019t the only company dealing with this issue, with other companies doing a better job establishing control, he says.<\/p>\n<p>\u201cWhy can\u2019t they verify their advertisers when Apple can review the apps that go into the App Store? We are a small player, but now we have put a finger in their eye and see what it leads to,\u201d Belak says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>At the end of 2021, Nordic Choice Hotels, now renamed Strawberry, was hit by a major ransomware attack that paralyzed operations for just over a week. Everything had to be done manually, says Martin Belak, who is responsible for the hotel chain\u2019s technical security. \u201cThe receptionists worked with whiteboards to keep track of which rooms [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1500,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1499"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1499"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1499\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1500"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1499"}],"wp:term":[{"taxonomy":"categor
y","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}