For AdSecure's Violations Report, AdSecure analysed over 100 million ad campaigns between 1st January and 30th June 2021. These findings provide insights into cyber criminal behaviour during Q1 & Q2: Where were they most prolific? How did they deliver their attacks? What were their malicious weapons of choice? What did AdSecure’s detections reveal that can help stop malicious ads and protect end users?
"1 in 4 scans reveal 1 violation, and 1 in 20 scans reveal more than 3 violations detected."
24.39% of scans detected 1 violation
10.12% of scans detected 2 violations
7.56% of scans detected 3 violations
4.85% of scans detected more than 3 violations
Insight: Malvertisers often try to inject several violations into a single ad campaign to slip through the detection net, spreading them across elements such as the ad creative, the landing page, the URL, the redirection path/chain and hidden code within iframes. Detecting and identifying these violations needs a robust detection solution. Many ad protection solutions claim that real-time blocking is sufficient for ad networks and publishers, but this isn’t the case. To detect malvertising, ad networks and publishers need to scan before the campaign is launched and again while the campaign is running, in case bad actors change elements of the campaign after it has been approved; the latter is done using AdSecure's Active Monitoring. Thirdly, as a final check, there is Real-time blocking, which scans the ads before they are displayed to end users and blocks anything malicious. AdSecure offers this three-step detection solution as standard.
“39.5% of scans detected User Experience violations.”
These violations directly affect the end user with annoying or malicious activity within ad campaigns. AdSecure saw a slight increase of 4.1% in detections of user experience violations when comparing Q1 with Q2.
AdSecure's Violations Report found the top 4 most used user experience violations by cyber criminals during Q1 & Q2 as a percentage were:
Looking deeper, comparing Q1 to Q2, our detections revealed that bad actors significantly boosted their activity using the following three violations:
Auto downloads +956%
Back button hijack +69%
Auto redirects +67%
Insight: Each user experience violation is considered by Google to be non-compliant. Repeated violations can affect a publisher’s Google ranking and carry a risk of being blocked by Chrome, the world’s biggest browser. For ad networks, allowing these violations to reach end users will affect relationships with any affected publishers on their ad network.
“22.5% of scans detected User Security violations.”
AdSecure's Violations Report found the top 4 most detected user security violations by cyber criminals during Q1 & Q2 as a percentage were:
Insight: Overall, the lion's share of detections went to Malicious URL at 67.4%. Malicious URLs are very popular with malvertisers because they can direct users to fake or fraudulent websites, where the users are tricked into downloading malware or have their personal information, login credentials or even company data stolen, which can lead to serious user security consequences.
The second highest was Non-compliant SSL at 29.4%. When a non-secure ad is served using http instead of https, Chrome shows a warning prompt in the user's browser, where the end user can stop the ad from being served, or Chrome can even block the entire page, because Google flags domains without SSL as unsafe. To make sure ads perform as expected and that all data passed between the web server and the user stays private and intact, publishers and ad exchanges should ensure that not only their ad server but also the ad itself and all of its elements use a secure SSL connection. At 29.4%, Non-compliant SSL is clearly still a big issue in the online advertising industry. Additionally, if an ad is flagged as unsafe to an end user browsing a publisher site, this erodes the end user's trust in the website being viewed.
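As an illustration of the Non-compliant SSL check described above, the following added example (not AdSecure's own code) scans an ad creative's HTML for elements that would be fetched over plain http. The sample creative is constructed, and ads.example and cdn.example are placeholder hosts.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch a subresource, keyed by tag.
FETCH_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",),
    "link": ("href",), "video": ("src", "poster"), "source": ("src",),
    "embed": ("src",), "object": ("data",),
}

def is_insecure(url):
    """True only for explicit http:// URLs. Relative and protocol-relative
    URLs inherit the scheme of the HTTPS page; data: is not a network fetch."""
    return urlsplit(url.strip()).scheme.lower() == "http"

class InsecureResourceFinder(HTMLParser):
    """Collects (tag, attribute, url) for every element fetched over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag, ())
        for name, value in attrs:
            if name in wanted and value and is_insecure(value):
                self.findings.append((tag, name, value.strip()))

def find_insecure_resources(creative_html):
    finder = InsecureResourceFinder()
    finder.feed(creative_html)
    finder.close()
    return finder.findings

# Constructed sample creative; the hosts are placeholders, not real ad servers.
SAMPLE_CREATIVE = """
<div class="ad">
  <a href="https://ads.example/click?id=1">
    <img src="HTTP://cdn.example/banner.png" alt="banner">
  </a>
  <script src="https://cdn.example/track.js"></script>
  <iframe src="//cdn.example/frame.html"></iframe>
  <img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
  <link rel="stylesheet" href="http://cdn.example/ad.css">
</div>
"""

if __name__ == "__main__":
    for tag, attr, url in find_insecure_resources(SAMPLE_CREATIVE):
        print(f"non-HTTPS element: <{tag} {attr}={url!r}>")
```

A single http element is enough to make an otherwise https creative non-compliant, which is why the check walks every fetching attribute rather than only the top-level ad URL.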
Drive-by crypto mining, at 2% of detections, happens when cyber criminals use the CPU power of an end user’s device to secretly mine for cryptocurrencies without the owner’s consent or knowledge, because the user clicked on a malicious ad or ad link. Cyber criminals also inject Browser Locker scripts (1.2% of detections) into ads. When an end user clicks on the ad, the script disables any action the end user takes to close the browser, essentially locking the user's device. Any attempt to close the browser results in a warning message box demanding a ransom to unlock the device. Ransomware can significantly damage an end user’s relationship with a publisher site that caused this user security violation.
User Security violations in the top 6 GEOs targeted by bad actors
We examined the top 6 GEOs targeted by cyber criminals with user security violations: USA, UK, Germany, Spain, India and Brazil. Globally these 6 GEOs received the following percentage of user security violation detections:
82.1% of all Phishing URL detections
74% of all Scareware detections
68.6% of all Ransomware detections
50.4% of all Drive-by crypto mining detections
45.3% of all Malicious URLs
35.7% of all SSL non-compliant detections
25.7% of all Malware detections
Furthermore, the US came top for Phishing URL detections at 52%, Brazil topped the Scareware list at 30.8% of detections and the UK topped the list for Drive-by crypto mining at 21.4% of all detections.
"16.1% of scans detected Non-safe adult content."
AdSecure's Ads Classification tool is used to identify ad creatives that feature Non-safe adult content/Not Suitable For Work (NSFW) images or videos. Adult content may contain elements such as photos/cartoons showing nudity or sexual activities. AdSecure's Violations Report found that 16.1% of scans detected adult content in ad creatives. Currently several countries, including the UK, Australia, Germany, France and Ireland, are developing age restriction laws for online content so that under-18s are not exposed to adult content online. It is therefore imperative for publisher sites that are open to all age groups to block ad creatives that feature adult content.
Insight: Publisher sites could be breaking the law in certain GEOs. For example, 3.4% of detections for adult content were in strict Muslim countries in the Middle East, including Algeria, Saudi Arabia, United Arab Emirates, Egypt and Tunisia.
"1 out of every 40 detections found ad creatives that were not aligned with the IAB's industry standards."
AdSecure's Violations Report discovered that non-alignment with the IAB Standards accounted for 2.4% of all scans carried out in Q1 and Q2 of 2021. Out of those 2.4% of scans, the following graph shows the percentage of detections related to each IAB Standard:
Insight: Ad campaigns aligned to the IAB standards lead to higher levels of user engagement and overall conversion, meaning that these standards play a key role in maximising revenue for each campaign. Additionally, website performance can be heavily impacted if industry advertising standards are not met. It creates a bad user experience and end users are less likely to click on the ad, affecting publisher eCPMs.
Furthermore, now that Google has added web content performance into its SEO rankings, monitoring for low-performing ad content can help publishers avoid SEO penalties in the future. The weight of ad creatives is also important, because fast-loading ‘light’ ads create a better end user experience and keep publishers in line with Google’s Chrome web browser, which unloads ads that use excessive amounts of a user’s bandwidth and device CPU. Unloaded ads show the following message within the website's ad zone where the ad should be:
This can also happen with HTML/Iframe campaigns where the creatives are not meeting IAB standards.
AdSecure’s IAB Standards detection tool can help publishers and ad networks identify non-aligned campaigns and stop them before they cause publishers problems. It also gives ad networks a way to contact advertisers and ask them to resubmit creatives that meet the industry standards, helping them maximise their campaign revenues.