Each year new digital marketing technologies, ad formats and content platforms break through. But wherever there is a positive, there is always a negative, and this comes from cyber criminal activity using these technologies to exploit end users. Looking at what will be big in 2020, Bryan Taylor, Sales Manager at AdSecure, shares his top four ad tech predictions and how bad actors could manipulate them.
Technology drives ad tech and cyber criminals exploit that technology
Each year technology advances, and nowhere more so than in content delivery and ad tech. Publishers producing content for websites, apps and connected TV need advertising revenue to monetise that content. As technology evolves, so too does cyber criminal activity: these bad actors are highly tech savvy, producing malvertising opportunities to unleash on the end user. It should come as no surprise to anyone involved in the digital advertising ecosystem that fraudsters are always looking for new methods to target users with sophisticated digital attacks. As soon as innovative new ways of engaging with users are developed, cyber criminals aren't far behind with a method for exploiting these innovations, particularly when there's money to be made. For example, in early 2019, as push notification ads were growing in popularity, cyber criminals unleashed a new threat to user security that capitalised on the push notification flow itself: push lockers, which trapped unsuspecting end users who tried to opt out of a push notification by serving endless, annoying, looping push notification permission requests.
So, as we enter 2020 with new technologies being adopted, let’s look at four ad security predictions and what potential opportunities cyber criminals will have to exploit end users.
Potential threats in augmented reality ads
Augmented Reality (AR) isn’t a new concept, but it’s very much exploded in popularity in the last few years, with increased use on various social media platforms, and the massive success of Nintendo’s “Pokemon Go!” mobile gaming app. Up until recently AR experiences required apps to deliver them, but with the emergence of WebAR technology, that’s all changing. WebAR allows users to have AR experiences directly via a web browser, without the need for a specific app, and it’s easily run across browsers on Android, iOS, Windows or Mac systems. WebAR provides the advertising ecosystem with a great new playground to reach users with more immersive branding experiences, but as AR ads grow in both exposure and profitability, it won’t take long for cyber criminals to start exploiting the user interaction, either.
The threat opportunity: Third-party WebAR ad delivery is already being employed by ad networks and exchanges, and as WebAR is usually delivered via URLs, it’s entirely possible to trick a user into clicking a call to action button in an AR ad that redirects them to a malicious landing page, or into clicking on a special offer that implements a phishing attack.
Programmatic DOOH attracts threat actors
Ever seen a big digital screen while wandering about town that displays a different ad every few minutes? That’s digital out of home (DOOH) advertising, a $7.7 billion market that’s been trending toward programmatic.
The threat opportunity: We’ve already seen threat actors move toward programmatic when it exploded in the online advertising ecosystem, and it’s entirely possible the same trend will occur with DOOH ads, though the goals might be different. Rather than a profit motive, threat actors looking to hijack digital billboards will more likely be aiming to present subversive political messages, or take the opportunity to deliver offensive, adult content to everyone within eyeshot, mainly for laughs. Basically, the threat actor equivalent of trolling is a real possibility.
As more and more users abandon traditional broadcast television for streaming platforms available on connected devices, many platforms are beginning to monetize by providing precisely targeted advertising for viewers, often employing programmatic delivery.
The threat opportunity: As these ads themselves are web based, they can be just as open to the exploit methods employed by today’s threat actors as any other digital ad, and will require digital security solutions capable of monitoring for threats and ad quality problems that can put user security and experience at risk.
Voice search is set to explode next year. According to ComScore, over 50% of the searches in 2020 will be from voice search, and voice-based shopping is expected to jump to a market value of $40 billion by 2022. Amazon is shipping more and more products in its Echo series along with voice devices from Google and Apple, and we can expect to see more purchases of these devices over the 2019 Christmas season. Grocery shopping already accounts for more than 20% of voice-based orders, 25% of the queries on Android devices are voice-based and 55% of teenagers are using voice search on a daily basis. This raises two important ways to drive consumer search and purchase using voice: paid-for recommendations of related products when a voice search for a type of product is made, and traditional digital ads driving voice search purchases, for example a banner ad’s call to action: “search for these shoes using voice and get a 20% discount with the words SHOESALE.”
The threat opportunity: In March 2019 criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking. The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour. As consumers adopt voice search and voice-triggered ads and offers, cyber criminals too can now exploit voice technology, and this could be used as a way of fooling consumers into agreeing to accept something which leads to a takeover of their device.
Publishers and the ad tech industry need to be aware of these potential threats to protect their end users. Building online trust with end users can be instantly shattered if highly damaging or annoying malvertising is served to them. That is why it is imperative that publishers, ad networks and ad operations teams use an ad security solution that uses technology to stay one step ahead of the cyber criminals.
Ad tech news program The Additive interviewed Bryan Taylor about his prediction, which you can see here.