DUBLIN — AdSecure has released its 2019 Ad Security Violations Report, revealing that over 27 percent of the scans it carried out last year detected some form of "malvertising."
"'Malvertising' is a global challenge for publishers and their demand partners. While Tier 1 geos will always be a fruitful market for attacks, cyber-criminals also routinely target developing markets that are experiencing growth,” a company representative explained. “While the same malicious ad may be running on opposite sides of the globe, it may only be active in one particular location at a given moment, so dedicated and routine monitoring for worldwide campaigns is key to detecting every threat, wherever they may be hiding.”
AdSecure’s online security solution uses a crawler built around modern browser technology, which analyzes ad creatives and landing pages to detect malicious threats, partner noncompliance, ad quality issues and more, in real-time throughout the advertising flow.
“Auto-downloads and auto-redirects are often the first steps in the delivery of more severe attacks, such as malware or phishing threats, and should be taken seriously when in play,” the rep added. “At the very least they cause poor user experiences when visiting sites or using mobile apps. At worst, the user becomes a victim of something far worse, and will likely never return to the site they blame for causing them harm.”
For this report, AdSecure analyzed over 1 million ad campaigns across multiple regions, devices and browsers for its partners between January 1 through December 31, 2019. Its findings provide insights into cyber-criminal behavior during the year — including where they were most prolific; how they delivered their attacks; their malicious weapons of choice; and what AdSecure’s detections revealed to stop and protect end-users from malicious ads.
The company examined the ratio of all violation detections, focusing on severe security and user experience violations, and found that globally, there was an average of 2,706 violation detections for every 10,000 scans, or 27 percent, which shows "just how prolific bad actors were and continue to be across publishers and ad networks," said the rep.
Among the top five geos for violations detected by AdSecure, Argentina had the highest percentage of Scareware detections at 67.4 percent, with the company finding the U.S., South Africa, France, Argentina and Tunisia were the most-targeted nations.
Browser lockers were responsible for 21 percent of total violations across these geos, with France having the highest proportion at 43.5 percent — almost double the rate of the U.S. and South Africa — while Scareware was the biggest problem, averaging 52 percent among the top five targeted countries.
Malware was responsible for 13.34 percent of violations, with Tunisia being the country suffering the most attacks at 26.7 percent and South Africa at 16.6 percent. Adware represented 10.5 percent of all attacks with Tunisia also topping the top five geos list at 16.3 percent; meanwhile, phishing URLs consisted of 3.12 percent of attacks, with France at 4.2 percent and the U.S. near the 3.5 percent mark.
Among AdSecure's key findings was that countries with smaller online populations are exposed to more violations, with AdSecure’s look at the top 10 geos for violations examining the percentage of each country’s online population versus the percentage of violations. The report revealed that even though Israel has 0.4 percent of the top 10 online populations, it received 7.6 percent of violation attacks; compared to the U.S., with 14 percent of the top 10 population which received 21 percent of violation attacks.
AdSecure also examined the browsers that bad actors used to target their threats and found that on mobile, Google leads with 72.3 percent of violations targeted at Chrome users and on desktop at just under a third of users at 29.9 percent, but it is Safari on the desktop that is the main target for cybercriminals at 33.2 percent.
As for what can be done about this alarming situation, the AdSecure rep noted that frequently monitoring content is the best way for ad operations and compliance teams to ensure that threats can be quickly detected and eliminated before they can harm users or damage revenue streams.
“The impact users have on the digital ads ecosystem is instrumental to its ongoing success,” the rep concluded. “Platform and publisher sites have a duty of care to ensure that each user can engage with content safely and always have an amazing experience when they do.”
AdSecure’s full 2019 Ad Security Violations Report is available here.