AdSecure's online security solution uses a crawler built around modern browser technology, that then analyses ad creatives and landing pages to detect malicious threats, non-compliance and ad quality issues in real-time throughout the advertising flow.
For this report AdSecure analysed more than 1 million ad campaigns across multiple regions, devices, and browsers for partners between 1st January to 31st December 2019. These findings provide insights into cyber-criminal behaviour throughout the year: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure's detections revealed in order to stop and protect end users from malicious ads.
Top 10 GEO’s with the highest violations
AdSecure examined which countries received the most threats for security violations, auto-downloads and auto-redirects. With the USA being the favourite GEO of cyber criminals, South Africa was second with just over half the amount of violations targeted at the USA. In the graph below you can see the percentages of the top 10 GEOs as a whole.
“Countries with smaller online populations are exposed to more violations.”
Looking at each of the top 10 countries for violations, AdSecure researched how many people in each country’s population were internet users. Then this was cross referenced against the number of violation attacks per country to see the ratio of population versus the number of violations targeted at that country's population. In the image below you can see that even though Israel has 0.4% of the top 10 online population, AdSecure detected 7.6% of violation attacks, compared to the USA with 14% of the top 10 population where AdSecure detected 21% of violation attacks.
Note: Total online population 1,976,130,316 for AdSecure’s top 10 GEOs (statistics taken from Internet World Stats)
“In the top 5 GEOs for violations detected by AdSecure, Argentina had the highest percentage of Scareware detections at 67.4%.”
Top 5 GEO’s security violations breakdown
AdSecure delved deeper into 2019 data to look at the top 5 GEOs in more detail and examine what severe security violations they were being targeted with:
Browser lockers were responsible for 21% of total violations in our Top 5 GEOs with France having the highest proportion at 43.5%, almost double the USA & South Africa
Scareware was by far the biggest at 52% of our Top 5 GEOs with Argentina having the highest percentage of Scareware at 67.4%.
Malware was at 13.38%, with Tunisia being the country suffering the most attacks at 26.7% and South Africa at 16.6%. Adware represented 3.125% of all attacks with Tunisia also topping our top 5 GEO list at 16.3% .
Phishing URL consisted of 10.5% with France leading at at 4.2%, South Africa and USA around the 3.5% mark.
Global browser percentages
Now looking globally, AdSecure examined the detections on what browsers bad actors used to target their threats to end users.
On mobile Google leads with 72.3% of violations targeted at Chrome users and on desktop just under a third at 29.9%, but it is Safari on desktop that is the main target for cyber criminals at 33.2%.
"27.06% of scans carried out by AdSecure in 2019 detected some form of Malvertising."
Global detections
AdSecure looked at the ratio of all violation detections (severe security and user experience violations). Globally, there was an average of 2,706 violation detections every 10,000 scans, that’s 27.06%, which shows just how prolific bad actors were and continue to be across publisher and ad network platforms. Looking at this data Scareware and Auto downloads were the preferred scams of cyber criminals.
Please note: Cyber criminals sometimes attempt several threats in one digital ad flow. For example inside the ad format creative and in the landing page the ad redirects to, then the bad actor also locks the user on the landing page whilst malware automatically downloads to the victim’s device. As you can see in the chart below 1.11% of scans detected at least 3 violations.
The key takeaways
- Malvertising is a global challenge for publishers and their demand partners. While Tier 1 GEOs will always be a fruitful market for cyber criminals to launch attacks, they also routinely target developing markets that are experiencing growth. While the same malicious ad may be running on opposite sides of the globe, it may only be active in one particular location at a given moment in time. Dedicated and routine monitoring for worldwide campaigns is key to detecting every threat, wherever they may be hiding.
- Auto-downloads & Auto-redirects are often the first step in the delivery of more severe attacks, such as malware or phishing threats, and as such should be taken seriously when in play. At the very least they are the cause of a poor user experience when visiting sites or using mobile apps. At worst the user becomes a victim of something far worse, and will likely never return to the site they blame for causing them harm.
- Dedication to frequently monitoring content is the best way for ad operations and compliance teams to ensure threats can be quickly detected and eliminated before they can harm users or damage revenue streams. The impact users have on the digital ads ecosystem is instrumental to its ongoing success. Platform and publisher sites have a duty of care to ensure that each user can engage with content safely, and always have an amazing experience when they do.
