Unveiling our latest detection - Blacklisted URL

As part of our mission to build a safer digital world, this week we are pleased to roll out our newest security detection, which plugs into a multitude of web and antivirus blacklists to provide deeper insight into the security -- or lack thereof -- of every URL in a given ad redirection chain.

Continue reading

Inside AdSecure: Diving deeper with the "click-on" option

Welcome to Inside AdSecure, our ongoing series that dives into different aspects of the platform, to ensure our partners always get the most out of our solution. 

In this installment we're looking at an easily enabled function that allows for a deeper level of analysis of the user experience when they opt to engage fully with banner and native ads: the click-on button. 

The Fundamentals: What happens to the user post-click?

While many attacks injected within a banner creative can trigger without proactive engagement from users visiting the website where the bad ad is displayed, some attacks are more deceptive, hiding their attacks on the other side of the ad after the user has engaged and clicked on the banner. Once an infected ad has been clicked, attacks can happen at multiple points within the complete redirection path, leaving the user hit with a nasty malware to deal with, or a phishing URL extracting their personal and financial details. 

However it's not just banners that can have this sort of fraud hiding on the post-click side of the ad. This is exactly the same technique that is used when fraudsters launch malicious threats within Native ads, and it is highly effective. Native ads have become very popular as a format because they are less intrusive than other banners and pops, and flow with the other content on the site. This leads to a higher click rates from users, and it's when they engage by clicking on the native ad where they can fall victim to a redirection hijack that sends them to a malicious page, a ransomware attack, or any other number of digital threats. 

The Pro-tip: Enable the click-on feature for complete insights into the user journey

AdSecure's click-on button couldn't be easier to enable for any projects that are monitoring native ad campaigns, where it is crucial to explore what happens post-click continuously, or for projects analysing your banner ad campaigns where you want to know if there is something dangerous waiting for the user on the other side. 

To enable the click on projects created manually within the AdSecure user interface, you can do this easily during the initial project set up by enabling the click-on button located just above the proxy location options in the set-up window, as seen below. 


Should you decide that you want to add the click to an already existing project, you can always open the project and enable the click function at any time while the project is running. 

Once the project has been submitted and the analysis complete, the report AdSecure generates detailing the analysis will include a page that details the results both for the initial scan of the ad and the results for the post-click content here. You can easily toggle through each report to get insights on every step in the redirection path by clicking on each option.




Clicking on native ads is THE best way to ensure the end users engaging with these ads remain safe while doing so, and it provides an extra layer of security for your banner ad campaigns by uncovering what could be waiting on the other side of the interaction. 

If you would like additional support with how best to utilise our click-on feature within your projects, please contact us at support@adsecure.com  

Inside AdSecure: Let's talk about callback URL notifications

Welcome to Inside AdSecure! This is the first article in a new ongoing series that will dive into different aspects of the platform, to ensure our partners always get the most out of our solution.

For this first installment we are taking a look at one of three options you can use to be notified in real-time whenever AdSecure uncovers violations lurking within your ad campaigns: the callback URL.

The Fundamentals: Setting up a callback URL notification
In addition to receiving real-time email alerts, or AWS simple notifications when AdSecure scans detects user experience or security violations, you also have the option to set up a callback notification that expands the choices for triggering a notification. Using a callback URL notification allows you to opt for the below triggers, depending on your preference:

- ON_VIOLATION: receive a notification when one or several violations are detected during the analysis.

- ON_ALERT: receive a notification when a single alert gets triggered during the analysis.

- ON_DONE: receive a notification upon completion of the analysis

- ON_ERROR: receive a notification when the analysis has failed to complete

When choosing to use the callback URL function, it's important to remember that you also have to setup a URL to your endpoint that can process the notifications coming from our callbacks.

Callbacks can currently be configured through the GUI, in the notification section, or via AdSecure's API (learn more here: https://adsecure.github.io/docs/guides/notification-service.html)

All notifications will be sent as POST requests and include a JSON payload. Here is an example of a result posted to the Callback URL:

{
  "id": "random_id_DUtMjNUMDk6NTY6MTguMTEwWg==",
  "report": "https://s3.amazonaws.com/adsecure/analysis/year=2019/month=1/day=1/random_id_DUtMjNUMDk6NTY6MTguMTEwWg==.json",
  "trigger": "ON_VIOLATION"
}

The Pro-tip: Halt bad campaigns in real-time using a callback URL
One of the most effective ways to use a callback URL is to design it to halt a compromised campaign running on your network in real-time. Configuring your endpoint to suspend a campaign the moment an AdSecure scan detects malicious activity means users are no longer in danger of engaging with a bad ad that could forcefully redirect them to another site, or even worse, infect their system with a destructive malware. Better still, once you have configured your endpoint to halt bad campaigns, the callback allows you to automate this going forward using a simple flow, like this:

  • Create an alert rule with the violations corresponding to your guidelines (see: https://adsecure.github.io/docs/guides/custom-alert-rules.html)
  • Then create a callback that would be triggered "ON_ALERT"
  • Next, create scan(s) and attach the alert rule and the callback
  • Finally, get your endpoint ready to listen to callbacks in order to take custom actions on your side. (e.g. suspend a campaign)

Thanks to the report that comes with each and every callback,  you can take more advanced actions, like parsing the data to find the relevant information you need to resolve the issue permanently.

If you would like additional support with setting up Callback notifications, or want to learn more about other custom actions that are possible via this feature, please contact us at support@adsecure.com  

 

AdSecure releases first security violations report for Q1 2019

AdSecure, the innovative digital security company that works with ad platforms and publishers to ensure a secure engaging online advertising experience for users, has released their security violations report for Q1 2019. AdSecure's always online solution uses a crawler built around modern browser technology, analysing ad creatives to detect malicious threats, non-compliance and ad quality issues in real-time.

For this report AdSecure analysed more than 200,000 ad campaigns across multiple regions, devices, and browsers for our partners between 1st January to 31st March. These findings provide insights into cyber-criminal behaviour during Q1: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure's detections revealed in order to stop and protect end users from malicious ads.

Top 10 GEOs with security violations

The percentages represent the 100% total of these top 10 GEOs. They are generally considered to be part of the tier 1 countries group, with the sometimes exception of Argentina. AdSecure's product manager Mat Derval commented, "Affluent populations are prime targets for cyber criminals. These richer populations are more likely to buy fake security or fake repair software when being redirected to tech support scams as well as being targeted by malware distribution attacks such as the Emotet banking trojan."

Top 5 GEOs violation breakdown

Drilling down further into the data, AdSecure performed a detailed analysis of the top 5 in order to rank the percentage of detected violations targeted at each country. We can see that Browser locker was by far the biggest violation from a volume perspective, with the only exception being Canada, where it came second to Malware attacks at 50%. Around a quarter of violations were Malware attacks in the USA & Belgium and Scareware being the second most detected violation in France, Argentina, and the USA.  

Browser lockers - the biggest current threat

With the prevalence of Browser locker detections in 8 out of the top 10 GEOs, AdSecure looked globally at which browsers cyber criminals used to target their Browser locker activity on desktop and mobile.

With 70% of detections coming from Google Chrome, Mat Derval commented, "To a cybercriminal it is all about volume and Google Chrome is indisputably the most popular browser. The criminal doesn't know how long he can get away with the attacks, therefore the life cycle of the attack could be short, so by targeting the world's biggest browser he can maximise the revenue of the malicious campaign by exposing it to as many end users as possible."

In conclusion Mat Derval explained, "The biggest threat in Q1 2019 was clearly Browser lockers, including Push lockers, a new variation on this threat,  distributed by bad actors who exploit a flaw in the push notifications opt-in process. AdSecure was able to detect a massive amount of those attacks because our crawler is powered by modern browser technology, which is crucial in order to catch the latest versions or mutations of threats. We detected this new trend at the end of Q4 2018, and we were able to release a major update to our crawler at the beginning of Q1 2019 to protect our clients and partners."

The key takeaways: using data to fight cyber-crime effectively

  • Follow the money, threat actors certainly do. Much like criminals flock toward the high spending we see within the programmatic and mobile ad marketplaces, targeting affluent nations where digital marketing budgets flow at an astounding pace (digital ad revenues surpassed $100 Billion in the US in 2018) is a no-brainer for a fraudster looking to make the most of an attack. Frequent, diligent scanning and analysis of your campaigns running within these affluent regions will help to greatly eliminate the most dangerous threats lurking within your ad inventory.
  • Everyone loves Google Chrome, including malvertisers. With Chrome being the dominant browser, the likelihood of an attack targeting Chrome users increases dramatically. When looking at how best to distribute the monitoring resources at your disposal, focusing on campaigns frequently viewed on Chrome is a great practice for mitigating attacks.
  • Modern threats require a modern solution. AdSecure was the first provider to identify the push locker mutation of the browser locker attack thanks to the modern tech powering our crawler. Working with modern solutions is key to uncovering every new threat before it can infect your ad delivery.
  • Analyse your campaigns, a lot. Attacks can infect the redirection path at any time during an active campaigns lifecycle, meaning that a creative you scanned right at launch can go from clean to dirty several days after launch. The best way to stay one step ahead is to scan the creatives for threats regularly, using a comprehensive approach that aims to keep threats out pre-flight, and once your campaign is up in the air.

Going Forward

This security violations report is the first of what will be an ongoing, quarterly analysis on the always evolving world of digital risk. In future we will compare current quarterly data with past reports to take a look at how digital ad attacks change over time, where improvements can be found Q on Q, and what new threats are rising in popularity. We look forward to providing both our partners, and all stakeholders within the digital advertising ecosystem, with insights that will help them build a safer digital world. For everyone.

 

About AdSecure

AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain.