Read this report to find out about worldwide malvertiser activity in Q3 2023 and learn how to protect end users against online threats! Are you looking to prevent bad quality ads affecting your website or are you wondering how to stop them damaging your online brand reputation? To help you we have run over 60 million scans to monitor client ad supply chains. In this edition of the AdSecure violations report Q3 2023, we will give you useful insights into malvertiser activity during the 3d quarter of the year. Our goal is to help you better understand cybercriminal behavior and how to stop bad actors from affecting your end users with AdSecure: Your best ally to monitor and protect your ad tech supply chain, stopping bad ads pre and post launch, in real time. Let’s take a look at malvertiser activity and trends in July to September 2023, and how this compares to Q2:
Almost 1 in 60 scans detected 4 or more violations in a malicious ad campaign
In order to give you insights on worldwide malvertiser activity in Q3 2023 to help you prevent bad quality ads affecting your website or ad network's reputation, we analyzed malvertiser activity during the quarter and compared it to Q2 2023, and we found out that 22.1% of all ads analyzed contained at least one violation. Here’s the breakdown of all ad compliance and security violations detected if we compare Q2 to Q3 2023:
As we can see, there have been some decreases in worldwide malvertiser activity in Q3 2023, which means that malvertisers are potentially getting somewhat discouraged upon seeing their online threat attempts being prevented by the AdSecure system. Still, almost 1 in 60 scans detected 4 or more violations in each single malicious ad campaign, which means that it is still important to keep an alert eye on your ad supply chain and use specialized detection software in order to stop bad ads damaging your online brand reputation.
Top 10 detections: Worldwide malvertiser activity in Q3 2023
As we can see below, of all the top 10 violations detected in Q3, 5 were in the User Experience category, 2 in the User Security category, and 3 in the User Advisory detections:
Landing-page-error (User Experience) 35.1%
Ssl-non-compliant (User Security) 20.5%
Suspicious-tld (User Advisory) 14.8%
Unsafe-content-adult (User Advisory) 8.9%
Back-button-hijack (User Experience) 7.6%
Javascript-dialog-on-entry (User Experience) 4.4%
Threat-intelligence (User Advisory) 2.9%
Permission-notification (User Experience) 2.6%
Malicious-url-virustotal (User Security) 2.0%
Auto-redirect (User Experience) 1.2%
Insight: Comparing malvertiser activity in quarter 3 2023 to quarter 2, we can see a pretty steep decrease in Threat-intelligence detections, which were in second place amongst the top violations in Q2, being 16.6% of all top 10 violations. In Q3, this detection is in 7th place with 2.9% presence, which is a -82.5% decrease in Threat-intelligence violations! AdSecure’s Threat-intelligence tool performs a behavioral analysis on specific URLs to estimate the probability and the severity of violations, so that potential risks can be eliminated before going live, making it a crucial tool to maintain compliant ad campaigns. On the other hand, Landing-page-error has gone from 3d place (13.5%) in Q2 2023 to 1st place (35.10%) in Q3, so it could well be that malvertisers have switched tactics upon seeing that their efforts were frustrated with the Threat-intelligence detection tool!
Q2 to Q3 comparison on malvertiser behavior July to September 2023
Looking at worldwide malvertiser activity in Q3 2023, we can see huge Malvertising activity increases in Q3 2023 in specific violations across all categories comparing to Q2, including Landing-page-error, Ssl-non-compliant, Browser-locker, Auto-redirect-app-market and Uncommon-protocols:
+298% Landing-page-error
This User Experience detection shows an alert to the end user claiming that a broken link (404 Error, 5xx, timeouts, etc.) has been found. These broken links can make the end user feel unsafe and discourage them from clicking more ads or even abandon the website. This also results in Advertisers paying for campaign impressions for offers that will not convert.
Insight: It is important to bear in mind that existing expired, stale, and invalid external links on websites can be picked up by malvertisers for malicious or fraudulent purposes. This includes Landing-page-error detections on a website’s ads, or even initially compliant links on an ad campaign that have not been checked properly: If these links expire or become invalid after launch, external malvertisers can take control of the resource and use it for scam or non-compliant purposes!
+230% Ssl-non-compliant
SSL-non-compliant is a User Security detection which contains unsecured items in the chain of resource such as unsafe links, no https, mixed content, a ssl version, or cipher mismatches. If an ad's link is using an unsecure connection or http, it means that it is not encrypted and sensitive data can be compromised - Not only the end user’s security is at stake, but also the website’s reputation, which will be automatically blocked by Google and flagged as unsafe.
Insight: According to The SSL Store, 32% of top US companies and 16% of European companies received failing grades for their SSL/TLS implementations. This is a big security and brand reputation hazard! Any landing or link on a website that doesn’t have an SSL certificate poses a threat to your website visitors. We are risking exposing visitors to data leaks, Phishing attacks, Man in the Middle attacks, which occur when a cybercriminal intercepts the data that transmits between users’ web clients and your website, amongst others. And, again, aside from exposing your end users to danger, you are also endangering your brand’s image and health (You definitely don’t want your website being associated with Phishing scams!), which means that keeping your ads SSL compliant is key to protect your website’s reputation.
+177% Browser-locker
Browser-locker is yet another User Security detection which has seen a huge malvertising activity increases in Q3 2023, and one massively annoying and dangerous violation to your end users! Browser Locker detections use a script to disable them from closing the browser. All attempts will result in a warning message box (Javascript alerts). It keeps the end user’s device locked in place and can use a fake reason such as loss of user data or files to ask them to pay in order to unlock it.
Insight: According to AdSecure scans, the Browser-locker has been found to be +345.6% more prevalent in South East Asia than in the US, comparatively. This is probably because end users in Tier 3 GEOs tend to have access to older devices that aren’t as secure as newer ones, which could be the reason why cybercriminals in South Asia are more drawn to use User Security violations such as Browser-locker, which is designed to keep the end user static into the browser for long enough to steal their data, or even talk them into handing it over!
+163% Auto-redirect-app-market
This User Experience detection uses a script that causes a Publisher site to break out of any frames "framing" it, resulting in automatically redirecting end users to the App Store. Generally, the end user will be redirected to a specific app with the goal of making them purchase or download unwanted, non-compliant and sometimes dangerous software that could impair the security and/or privacy of the end user and their device.
Insight: According to Martech, Auto-redirects alone cost the ad tech industry an estimated $210 million annually, and they also cost it another $920 million by facilitating ads with click fraud! This is especially prevalent in mobile devices, which means that Ad Networks and Publishers need to be extra careful when monitoring ad campaigns targeting Mobile.
50.9% in the top 10 rankings were User Experience violations in Q3 2023
User Experience Violations disrupt the end user’s browsing experience with annoying or malicious activity and content within Advertiser campaigns. Here are the top 5 User Experience violations detected in Q3 2023:
69% User Experience violations were landing-page-error: As we have seen above, this violation, aside from being the most present within the User Experience category, it is also the top violation to be detected amongst all categories, as well as the one that has experienced the most steep increase (+298%!) comparing to Q2 2023. This represents a significant issue for website Publishers because this detection makes the end users feel unsafe within the website where this detection is found. This affects all stakeholders! From Ad Networks and Publishers to Advertisers - Advertisers’ offers won’t convert because of the broken flow, Publishers’ websites will be perceived as dangerous, and Ad Networks’ reputation will as a result be impaired.
14.9% were back-button-hijack: Malvertisers insert a malicious script which allows them to access and manipulate the end user's browser history. Usually it consists of inserting one or several pages in the browser history, which would prevent the end user from going back to the previous page, making them feel unsafe and damaging the reputation of the website where the detection was found.
8.7% were javascript-dialog-on-entry: This detection highlights Javascript alerts that pop up without any interaction when entering a website or when the end user wants to close the active tab. They often appear as warning messages or confirmation dialogues asking for the end user's consent on specific options, which can be very alarming and make them click off the website!
5.1% were permission-notification: A permission request notification is sent to the end user to access their device’s camera, microphone, geolocation, clipboard, etc. These are different from the regular permission notifications when the end user wants to download an app, or gives location access. Rather, these are unsolicited requests that pop up without end user interaction, which once again can be alarming for an end user that has just clicked on an ad. Also, if the end users mistakenly accepts the request, it could end up with malvertisers accessing their personal data, for instance their bank information or tracking their live location!
2.3% were auto-redirect: This detection works similar to Auto-redirect-app-market, using a script "framing" a Publisher’s website and automatically redirecting end users which interact with the ad to another site, which generally contains non compliant content. Some malvertisers use auto-redirects for phishing scams to trick internet users in order to steal their sensitive data like logins and bank details!
IAB Standards violations July to September 2023
IAB Standards detections are designed to stop bad ads damaging your online brand reputation, whether you are a Publisher or an Ad Network. In Q2 2023 Iab-ad-dimensions made into the top 10 most detected ad compliance and quality violations across all categories. In Q3 this has now stabilized back, with no IAB Standards violations in the top 10, which is good news because it means that Advertisers have learned to follow the IAB Standards to ensure an optimum end user experience. However, it is still extremely important for Ad Networks and Publishers to continue with their task of making their Advertisers aware of the importance of following Industry Standards. Because not complying with them can negatively impact website performance, impair user experience, reduce important metrics such as ad clicks and eCPMs, and ultimately negatively affect ad revenues. Also, it is important to remember that Google can penalize or block websites that fail to meet weight and quality standards!
53.4% IAB detections were Iab-ad-dimensions. From Q2 to Q3 this detection has experienced an increase within the IAB category itself, from 37.1% to 53.4%. This is a +43.9% increase! It is important to bear this detection in mind, since it flags ads that are not compliant with the IAB Standards in terms of ad dimensions. The IAB recommends ad dimensions to be in the range of 100x200 - 150x300 so that it can be shown its best across devices and browsers. So, not abiding by this specific standard means that websites will show badly displayed ads that will most likely not convert, and will give a bad image to the website where they are being displayed, as well as to the advertiser promoting the ad campaign!
16.2% ad quality violations were Iab-ad-weight, which detects ads that are too heavy and are not compliant in terms of weight (initial load and sub-load). This detection will flag ads that are not compliant with the IAB standards in terms of ad weight (initial load and sub-load). IAB recommends an ad size with an initial load of maximum 50KB and a sub-load of maximum 100KB.
26.3% were Iab-ad-compression, which flags ads that are not delivered in a compressed format. To optimize the file size for delivery of an ad to a browser, the assets within the ad should be delivered in compressed formats such as gzip.
4.1% were Iab-ad-request-count, which flags ads that are not compliant with the IAB standards in terms of ad request count - The IAB recommends a maximum of 10 requests. Ads consist of multiple resources and the number of requests made to fetch them has a significant impact on the load performance of the ad as well as on the page where it will be displayed.
Conclusions on Worldwide malvertiser activity in Q3 2023:
It is the responsibility of Ad Networks and Publishers to keep their websites and ad supply chains clean, safe and compliant in order to protect the end user’s safety above all things. You can easily prevent bad ads from being launched with AdSecure, which is specially designed to monitor your ad content and flag any ads that could cause issues for you and your brand, in real-time. Do you have any questions on how to protect end users against malvertising, prevent bad quality ads affecting your website, or stop bad ads damaging you online brand reputation? Want to start protecting your online business with AdSecure against bad ads? Sign up and try AdSecure for free now!