One out of every hundred online advertisements is infected with malvertising · 2019-06-21 16:20 by Susie Concannon
The IT company Confiant has reported in their current Q1 2019 Demand Quality Report that almost every hundredth ad impression that users see is infected with malvertising, and that the risk of infection is higher on the weekend and especially on holidays. The basis for these numbers is the result of an analysis of over 100 billion ad impressions during the time period between Q4/2018 and Q1/2019.
Malvertising is a specific term for innocuous-seeming internet advertisements that try to execute and load damaging program code in the background. In some cases, a website visitor does not even have to click on an advertisement in order to be infiltrated by a ‘drive-by-download’. An extenuated variant of malvertising directs web users unwillingly to unwanted websites with questionable contests and gambling games or even offers that might be harmful to children, and where again similar security risks can arise.
As Confiant ascertained, on almost every fifth internet site there exists the risk of coming in contact with Malvertisting. This statement is based on the fact that on average users see 4-5 advertisements per website.
It’s interesting to note that Confiant determined a seasonal decline in malvertising. It is possible that this is in relation to the increasing use and acceptance of the new ads.txt standard (ads(.txt) is the acronym for Authorized Digital Sellers, a quite new standard to prevent ad fraud and validate legitimate advertisers). Though, whether the overall result is because of a long-term trend or a seasonal deviation is still to be determined. Despite this variation, however, the infection rates remain at a very high level.
Another interesting finding from the Confiant report claims that criminals often specifically use Sundays and Holidays for targeted malvertising dissemination. One reason for this is certainly that during the workweek the majority of website visits come from the workplace, and these computers and machines are generally better protected than those at home.
Confiant also examined in its Q1 2019 Demand Quality Report which components of the online advertising ecosystem are of particular vulnerability. Thus, it was shown that with certain Supply-Side-Platforms (SSPs) there is a 67-fold increased risk of malvertising infection. SSP providers form the interface for real-time bidding, which is a kind of auction exchange in the online-advertising trade. These providers are regarded as a particularly popular gateway for malvertising because it is technically very complicated to check the mass of advertisements in real time for malvertising. Thus, 60% of the security incidents in the report were distributed among only three SSP providers. The providers in point, however, were not clarified in the Confiant report.
In order to protect themselves from malvertising, users should always keep their operating system and installed software, such as the browser and plug-ins, up to date. This reduces, for example, the risk of attacks from drive-by downloads or even by known security vulnerabilities. Of course, you can also protect yourself from malvertising with an ad blocker like Adblock Plus, which by removing ads also protects against a great deal of possible contaminations that would infiltrate through said ads. It’s a valuable safety addition.
In short, it’s important to stay protected and to be aware of Malvertising.