2021 has been a challenging year, not only with the continuing issues caused by the pandemic but also with continued threats from bad actors as our digital transformation with more technological innovations continues to affect our daily online lives. Here are our ad security predictions for 2022 where we look at 4 big events from 2021, which will provide further opportunities for cyber criminals using the online advertising ecosystem to reach unsuspecting internet users with new, inventive ways of exploitation.
Netflix’s smash hit brings out the worst in cyber criminals to deceive consumers and steal personal data
Hackers routinely take advantage of the latest craze. The Netflix smash hit "Squid Game'' was a global success with 142 million Netflix members watching the series within the first four weeks of release and the media coverage further hyping the series. The Squid Game phenomenon shows no signs of slowing down, which indicates that this is going to be a golden opportunity for cybercriminals to take advantage of this global craze. Hackers are setting up fraudulent online Squid Game themed scams to exploit internet users. Here are some tricks that scammers could possibly use in 2022 to will possibly keep using in the next year:
Fake eCommerce: Scammers can use campaign creatives to direct users to fake Squid Game costume and merchandising stores with the objective of stealing users' personal data and credit/debit card information if a purchase is made. Tip! Try to get more information about the domain owner or the domain creation date before making any purchases. If the domain is only a few weeks old and it's not possible to verify the owner's commercial history, it is likely to be a scam.
Trojan programs: The antivirus provider Kaspersky has discovered Trojan programs that once installed can download additional malware onto a victims device. Hackers seed malicious files or phishing scams on the web with names mentioning "Squid Game", pretending to be part of the hit TV show. One of the cybercriminals' schemes worked as follows: the victim was allegedly shown an animated version of the first game from the series, while simultaneously, a Trojan was invisibly launched that could steal data from users’ various browsers and send it back to the attackers server,” Kaspersky says. “A shortcut was also created in one of the folders, which could be used to launch the Trojan every time the system was started.” The antivirus provider also noticed one Trojan targeting smartphones by masquerading as an app to watch a Squid Game episode. “This Trojan is distributed in unofficial app stores and various portals under the guise of other popular applications, games, and books.” Tip! Be very wary of any ad campaigns using Squid Game as an ad creative. For ad networks particularly, this will probably be a copyright infringement
Ransomware-as-a-service (RaaS) will be a booming business model for cyber criminals
Ransomware is a type of malware designed by malicious actors to encrypt the critical information of users or organisations and then blocking access to this data unless a ransom is paid. According to Ransomware Attack Statistics 2021 – Growth & Analytics, the number of ransomware attacks nearly doubled in the first half of 2021, with 1097 organizations in 63 countries hit by ransomware. The biggest victim of the year was the Colonial Pipeline, the US pipeline giant who paid the requested ransom of 75 bitcoins or $4.4 million within several hours after the attack. It seems that cybercriminal groups like Darkside, the organisation behind the attack, are getting more and more professional and organized in this "business". They even have a dedicated marketing team that advertises the ability to rent or sell their hacking software and services to those who want to perform cyber attacks and exploit unsuspecting victims, which is called by cybersecurity experts Ransomware-as-a-service (RaaS).
The malware cyber attacks driven by this business model is expected to increase as more and more business channels are going digital. Additionally, with remote working becoming normalised in many businesses and industries, most companies are likely to invest more in IT departments to develop new and more efficient ways of managing employees, devices, and critical company data. This might expose them to cyber security risks and more vulnerability, because these criminals are constantly searching for weaknesses in these systems.
It’s not just large companies and industries being targeted with this type of attack. Individual internet users also need to be vigilant for this type of attack. AdSecure's Violations Report for Q1 & Q2 in 2021 detected that 68.6% of all Ransomware detections came from 6 GEOs: USA, UK, Germany, Spain, India and Brazil. Tip! Publishers and Ad Server platforms should work with a 360 degree ad security platform like AdSecure to ensure Randsomware is detected and removed immediately from their ad supply chain before it reaches end users.
GitHub Actions are abused by attackers to mine cryptocurrency
Even though Drive by Cryptocurrency mining is not a new phenomenon, it hasn't seen any sign of slowing down in 2021, therefore in 2022 it will continue to be a threat to end users. The series of attacks carried out by the cybercriminals against GitHub's server infrustructure for illegal crypto-mining operations have brought the growing cryptocurrency mining topic back to the public's attention again.
According to a Dutch security engineer Justin Perdok, who was abused in this attack, these bad actors specifically target GitHub project owners who have automated workflows. They add the malicious Github Actions code to the repositories forked from the legitimate ones, then create a Pull Request to merge the code back to the original repository. Once the malicious Pull Request is filed, GitHub’s systems will read the attacker’s code and launch a virtual machine that downloads and runs cryptocurrency-mining software on GitHub’s infrastructure.
GitHub is not the only victim, many cryptocurrency miners use browser locker tactics and inject the scripts into ads to target individual devices. When an end user clicks on such an ad, it disables any action an end user takes to close the browser, essentially locking the user's device. This is when cyber criminals use the CPU power of the end user’s devices to secretly mine for cryptocurrencies without the owner’s consent or knowledge. In drive-by cryptocurrency mining, normally there is no malware infection at the end of the chain. However, this is not the kind of web experience people sign up for.
Colin Chartier, CEO of DevOps platform LayerCI explains: "As the market capitalization of cryptocurrency surged from $190 billion in January of 2020 to $2 trillion in April of 2021, it's become profitable for bad actors to make a full time job of attacking the free tiers of platform-as-a-service providers", therefore all platforms and individuals should take heed of their system infrastructure or devices and avoid being victims of these malicious attackers who crave the free coins.
Tip! According to our Violations Report for Q1 & Q2 of 2021, the US was a top target for drive by cryptomining, this GEO accounted for 16.1% of all drive by cryptomining detections. Publishers and Ad Networks can detect and stop this type of violation to ensure end users are not benign exploited by this popular cyber crime by using AdSecure.
Zuckerberg sees the Metaverse as the next generation of the Internet, which will lead to new ad placements and formats in the virtual world
Facebook was renamed as Meta, on 28th October 2021. This move shows that the biggest social media platform is transferring its new focus from social network to metaverse. The metaverse is described as a fully immersive online realm that looks similar to the real world, which allows people to be present with each other in a virtual environment. This change will lead lots of businesses and marketers to focus on VR products, such as VR games, VR fitness apps and so on. As a consequence, advertisers and publishers will look for new ways to match consumer willingness to experiment with these new digital-physical experiences and products. Thus, new ad placements and ad formats will arise due to the increasing needs of the consumer.
You can already picture a shoppable video ad popping up in a 360° virtual showroom or store, where users can interact with the call-to-actions that allows them to make direct purchases. This can be just one of the limitless forms that future advertisers can use to promote their products. And it’s not just Facebook that is getting into the Metaverse, two other companies: Decentraland and The Sandbox are also getting into the business of creating Metaverses. With all this hype, we can expect to see significant investment in this new concept as Metaverses become a new marketplace for both personal data and commerce. Driven by Crytocurrency payments for avatars, metaverse land and virtual products such as NFTs, there is no doubt that cybercriminals will also make use of the opportunity to cash in with this new world with new types of advertising formats. To protect against privacy breaches, fraudulent activities, and malicious attacks in the virtual world, new cyber security structures will definitely be required.
Conclusion
Every year, new digital innovations, ad formats and platforms breakthrough. And we are in the era where human technology evolution is going faster and faster. But wherever there is an upside, there is always a downside and this comes from cyber criminal activity using these technologies to exploit unsuspecting users. As part of the ad ecosystem, each of us has the responsibility to contribute to a safer and friendlier cyberspace to protect each other. Publishers and the ad tech industry always need to be aware of the potential threats that could harm their businesses as well as their end users, and that's why it is essential to use an ad security solution that is powered by modern technology, like AdSecure to stay one step ahead of the cybercriminals.