Inside AdSecure: Diving deeper with the “click-on” option

Welcome to Inside AdSecure, our ongoing series that dives into different aspects of the platform, to ensure our partners always get the most out of our solution. 

In this installment we’re looking at an easily enabled function that allows for a deeper level of analysis of the user experience when they opt to engage fully with banner and native ads: the click-on button. 

The Fundamentals: What happens to the user post-click?

While many attacks injected within a banner creative can trigger without proactive engagement from users visiting the website where the bad ad is displayed, some attacks are more deceptive, hiding their attacks on the other side of the ad after the user has engaged and clicked on the banner. Once an infected ad has been clicked, attacks can happen at multiple points within the complete redirection path, leaving the user hit with a nasty malware to deal with, or a phishing URL extracting their personal and financial details. 

However it’s not just banners that can have this sort of fraud hiding on the post-click side of the ad. This is exactly the same technique that is used when fraudsters launch malicious threats within Native ads, and it is highly effective. Native ads have become very popular as a format because they are less intrusive than other banners and pops, and flow with the other content on the site. This leads to a higher click rates from users, and it’s when they engage by clicking on the native ad where they can fall victim to a redirection hijack that sends them to a malicious page, a ransomware attack, or any other number of digital threats. 

The Pro-tip: Enable the click-on feature for complete insights into the user journey

AdSecure’s click-on button couldn’t be easier to enable for any projects that are monitoring native ad campaigns, where it is crucial to explore what happens post-click continuously, or for projects analysing your banner ad campaigns where you want to know if there is something dangerous waiting for the user on the other side. 

To enable the click on projects created manually within the AdSecure user interface, you can do this easily during the initial project set up by enabling the click-on button located just above the proxy location options in the set-up window, as seen below. 


Should you decide that you want to add the click to an already existing project, you can always open the project and enable the click function at any time while the project is running. 

Once the project has been submitted and the analysis complete, the report AdSecure generates detailing the analysis will include a page that details the results both for the initial scan of the ad and the results for the post-click content here. You can easily toggle through each report to get insights on every step in the redirection path by clicking on each option.




Clicking on native ads is THE best way to ensure the end users engaging with these ads remain safe while doing so, and it provides an extra layer of security for your banner ad campaigns by uncovering what could be waiting on the other side of the interaction. 

If you would like additional support with how best to utilise our click-on feature within your projects, please contact us at support@adsecure.com  

Inside AdSecure: Let’s talk about callback URL notifications

Welcome to Inside AdSecure! This is the first article in a new ongoing series that will dive into different aspects of the platform, to ensure our partners always get the most out of our solution.

For this first installment we are taking a look at one of three options you can use to be notified in real-time whenever AdSecure uncovers violations lurking within your ad campaigns: the callback URL.

The Fundamentals: Setting up a callback URL notification
In addition to receiving real-time email alerts, or AWS simple notifications when AdSecure scans detects user experience or security violations, you also have the option to set up a callback notification that expands the choices for triggering a notification. Using a callback URL notification allows you to opt for the below triggers, depending on your preference:

- ON_VIOLATION: receive a notification when one or several violations are detected during the analysis.

- ON_ALERT: receive a notification when a single alert gets triggered during the analysis.

- ON_DONE: receive a notification upon completion of the analysis

- ON_ERROR: receive a notification when the analysis has failed to complete

When choosing to use the callback URL function, it’s important to remember that you also have to setup a URL to your endpoint that can process the notifications coming from our callbacks.

Callbacks can currently be configured through the GUI, in the notification section, or via AdSecure’s API (learn more here: https://docs.adsecure.com/docs/guides/notification-service.html)

All notifications will be sent as POST requests and include a JSON payload. Here is an example of a result posted to the Callback URL:

{
  "id": "random_id_DUtMjNUMDk6NTY6MTguMTEwWg==",
  "report": "https://s3.amazonaws.com/adsecure/analysis/year=2019/month=1/day=1/random_id_DUtMjNUMDk6NTY6MTguMTEwWg==.json",
  "trigger": "ON_VIOLATION"
}

The Pro-tip: Halt bad campaigns in real-time using a callback URL
One of the most effective ways to use a callback URL is to design it to halt a compromised campaign running on your network in real-time. Configuring your endpoint to suspend a campaign the moment an AdSecure scan detects malicious activity means users are no longer in danger of engaging with a bad ad that could forcefully redirect them to another site, or even worse, infect their system with a destructive malware. Better still, once you have configured your endpoint to halt bad campaigns, the callback allows you to automate this going forward using a simple flow, like this:

  • Create an alert rule with the violations corresponding to your guidelines (see: https://docs.adsecure.com/docs/guides/custom-alert-rules.html)
  • Then create a callback that would be triggered “ON_ALERT”
  • Next, create scan(s) and attach the alert rule and the callback
  • Finally, get your endpoint ready to listen to callbacks in order to take custom actions on your side. (e.g. suspend a campaign)

Thanks to the report that comes with each and every callback,  you can take more advanced actions, like parsing the data to find the relevant information you need to resolve the issue permanently.

If you would like additional support with setting up Callback notifications, or want to learn more about other custom actions that are possible via this feature, please contact us at support@adsecure.com  

 

AdSecure releases first security violations report for Q1 2019

AdSecure, the innovative digital security company that works with ad platforms and publishers to ensure a secure engaging online advertising experience for users, has released their security violations report for Q1 2019. AdSecure’s always online solution uses a crawler built around modern browser technology, analysing ad creatives to detect malicious threats, non-compliance and ad quality issues in real-time.

For this report AdSecure analysed more than 200,000 ad campaigns across multiple regions, devices, and browsers for our partners between 1st January to 31st March. These findings provide insights into cyber-criminal behaviour during Q1: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure’s detections revealed in order to stop and protect end users from malicious ads.

Top 10 GEOs with security violations

The percentages represent the 100% total of these top 10 GEOs. They are generally considered to be part of the tier 1 countries group, with the sometimes exception of Argentina. AdSecure’s product manager Mat Derval commented, “Affluent populations are prime targets for cyber criminals. These richer populations are more likely to buy fake security or fake repair software when being redirected to tech support scams as well as being targeted by malware distribution attacks such as the Emotet banking trojan.”

Top 5 GEOs violation breakdown

Drilling down further into the data, AdSecure performed a detailed analysis of the top 5 in order to rank the percentage of detected violations targeted at each country. We can see that Browser locker was by far the biggest violation from a volume perspective, with the only exception being Canada, where it came second to Malware attacks at 50%. Around a quarter of violations were Malware attacks in the USA & Belgium and Scareware being the second most detected violation in France, Argentina, and the USA.  

Browser lockers - the biggest current threat

With the prevalence of Browser locker detections in 8 out of the top 10 GEOs, AdSecure looked globally at which browsers cyber criminals used to target their Browser locker activity on desktop and mobile.

With 70% of detections coming from Google Chrome, Mat Derval commented, “To a cybercriminal it is all about volume and Google Chrome is indisputably the most popular browser. The criminal doesn’t know how long he can get away with the attacks, therefore the life cycle of the attack could be short, so by targeting the world’s biggest browser he can maximise the revenue of the malicious campaign by exposing it to as many end users as possible.”

In conclusion Mat Derval explained, “The biggest threat in Q1 2019 was clearly Browser lockers, including Push lockers, a new variation on this threat,  distributed by bad actors who exploit a flaw in the push notifications opt-in process. AdSecure was able to detect a massive amount of those attacks because our crawler is powered by modern browser technology, which is crucial in order to catch the latest versions or mutations of threats. We detected this new trend at the end of Q4 2018, and we were able to release a major update to our crawler at the beginning of Q1 2019 to protect our clients and partners.”

The key takeaways: using data to fight cyber-crime effectively

  • Follow the money, threat actors certainly do. Much like criminals flock toward the high spending we see within the programmatic and mobile ad marketplaces, targeting affluent nations where digital marketing budgets flow at an astounding pace (digital ad revenues surpassed $100 Billion in the US in 2018) is a no-brainer for a fraudster looking to make the most of an attack. Frequent, diligent scanning and analysis of your campaigns running within these affluent regions will help to greatly eliminate the most dangerous threats lurking within your ad inventory.
  • Everyone loves Google Chrome, including malvertisers. With Chrome being the dominant browser, the likelihood of an attack targeting Chrome users increases dramatically. When looking at how best to distribute the monitoring resources at your disposal, focusing on campaigns frequently viewed on Chrome is a great practice for mitigating attacks.
  • Modern threats require a modern solution. AdSecure was the first provider to identify the push locker mutation of the browser locker attack thanks to the modern tech powering our crawler. Working with modern solutions is key to uncovering every new threat before it can infect your ad delivery.
  • Analyse your campaigns, a lot. Attacks can infect the redirection path at any time during an active campaigns lifecycle, meaning that a creative you scanned right at launch can go from clean to dirty several days after launch. The best way to stay one step ahead is to scan the creatives for threats regularly, using a comprehensive approach that aims to keep threats out pre-flight, and once your campaign is up in the air.

Going Forward

This security violations report is the first of what will be an ongoing, quarterly analysis on the always evolving world of digital risk. In future we will compare current quarterly data with past reports to take a look at how digital ad attacks change over time, where improvements can be found Q on Q, and what new threats are rising in popularity. We look forward to providing both our partners, and all stakeholders within the digital advertising ecosystem, with insights that will help them build a safer digital world. For everyone.

 

About AdSecure

AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain.

 

Traffic Factory & AdSecure come together to protect users from digital risk

Dublin, 13 May 2019. AdSecure has formed a new partnership with global ad network Traffic Factory to be their ad security technology provider and drive the continued safety of their network.

AdSecure’s innovative technology will scan ad campaigns for suspicious activity before they launch on Traffic Factory’s network and then further analyse those campaigns while they are live. Suspicious activity can range from quality issues that damage the user experience, such as auto-redirects, back button hijacks, and auto-downloads, to harmful user security threats like malware, browser lockers, phishing URLs, and ransomware. AdSecure will provide constant detection and notification for these and many other digital threats for Traffic Factory, allowing them to immediately halt the offending campaigns and take the appropriate action to maintain user security and provide an amazing experience, every time.

Takanori Kanto, Sales Director at Traffic Factory commented, “It is with great pleasure that we announce our official partnership with AdSecure, a disruptive new force within the field of ad verification and the fight against malvertising. This collaboration will continue to ensure that our network is 100% secure for both publishers on our network and of course, their end users.”

Bryan Taylor, Sales Manager at AdSecure added, “We are delighted to come together with Traffic Factory to launch this great new partnership. Traffic Factory serve over 6 billion daily impressions, and the integration of our ad security solution on Traffic Factory’s network ensures that we can work together to protect millions of internet users from today’s most modern and pernicious digital threats, and solidify the security of the ads served to Traffic Factory’s premium quality traffic sources.

AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain. To find out how AdSecure can provide protection for your online business visit www.adsecure.com

TrafficFactory is a global provider of high quality traffic. We’ve harnessed the most up-to-date, accurate Geo-targeting technology , and combined with our Real-Time Bidding model, our clients get the high quality traffic they deserve at a price they can feel good about. To learn more, please visit the site www.trafficfactory.com

For further press information

Contact press@adsecure.com

563% increase in browser locker detection uncovers a new digital threat: Push Lockers

It should come as no surprise to anyone involved in the digital advertising ecosystem that fraudsters are always looking for new methods to target users with sophisticated digital attacks. As soon as innovative new ways of engaging with users are developed, cyber criminals aren’t far behind with a method for exploiting these innovations, particularly when there’s money to be made. Now, as push notification ads grow in popularity, a new threat to user security that capitalises on the push notification flow itself has arrived: push lockers.

Upon identifying these push notification specific lockers, between February and March AdSecure saw a 563% increase in the detection of browser locker attacks, and at the time of writing this article, we have protected our partners from more than 20 unique push lockers in under 24 hours.

What is a push notification ad?

Push notification ads are simple clickable messages, accompanied by a small image, that are delivered to desktop browsers or mobile devices, but only once a user has consented to receiving them. This is a key point, as the users have agreed to see the ads, leaving the perception that they are less intrusive than traditional formats, and develop a higher level of engagement from the user.

Push notifications work by displaying an initial permission request — managed by the browser —  when a user is visiting a site for the first time. Once the user agrees to receive these push notifications, they will receive them based on the frequency set out by the publisher. Should a user opt not to see push notifications, the browser logs this choice as well, and they won’t be asked to subscribe to them again.

What is a push locker?

The push notification format, while relatively new, is growing in popularity within the online marketplace for all the reasons mentioned previously: users have to opt-in to see them at all, and with that consent comes a higher rate of engagement. Brands using push notifications are seeing increased click through rates, and just as marketers are seeing the clear benefits the format provides, cyber criminals are becoming wise to the potential for driving malicious campaigns straight to users screens. What has developed out of these sinister intentions is a new form of browser locker specifically designed around the natural behaviour of a push ad.

How do push lockers work?

When you make the choice to opt-in, or out, of receiving push notifications on a particular site, the browser manages the request and saves the choice. However, it’s the way the browser saves this choice — either by domain, or subdomain — that can expose the user to trouble. What happens if you opt out, but the website redirects you automatically to another subdomain? Can you guess what’s coming? This allows the user to be prompted again to accept the push notification. So naturally, you decline this new request, and then you’re sent to yet another subdomain and asked again, and again, and again. Suddenly you are trapped in an endless looping push notification nightmare, and escape can only be had by giving in and “consenting” to receive the push notification.

Incredibly annoying, right? But this is tame compared to what other push lockers are capable of.

What type of push lockers has AdSecure encountered?

Since first discovering this new form of attack, our development team went on the hunt, uncovering various types of push lockers. In one particularly sophisticated case, users clicking somewhere on the page other than the buttons to allow or block the push would cause the browser to switch to full screen mode, preventing the user from doing anything else until they accepted the push notification, which in turn leads them to a scam offer, or the forced download of malware, or similar security threat. In a separate case, we encountered a push locker that kept users locked on the consent page until they accepted the push, all the while quietly mining cryptocurrencies in the background. Those who opted in were then redirected to a new offer page which also launched the cryptocurrency miner, leaving the user with no safe option to take.

When this type of push locker is implemented on a mobile browser, the entire device is rendered useless for the owner, again until they are forced to consent. In all cases, the looping push notification locks the user into an action they absolutely do not want to take, and puts them at severe risk of exposure to exploit flaws or other security breaches.

What is the solution?

The relative speed at which push lockers have appeared on the scene has caught some ad verification providers off guard. They either weren’t aware of the problem quickly enough, or they aren’t using the modern technology needed to detect push lockers with any degree of consistency and precision.

Push lockers are sophisticated and pernicious, and in order to catch them early and often, the scanning technology being used needs to be based on the most modern browser technology available. This is one of the reasons AdSecure — with a crawler powered by Chrome — was the first ad verification provider to uncover these looping push notifications, and continues to be the only provider catching them at high frequency, and a strong level of precision.

As more publishers and ad platforms begin to work with the push notification ad format, push locker attacks will spread across the digital ads landscape. Make sure your partners are working with an ad verification provider that has the resources and the knowledge needed to track down push lockers and keep them from hurting digital users.

AdSecure empowers ad platforms & publishers to take back control of their ad quality by providing constant detection & notification for ad security, compliance, and quality issues within the digital ad supply chain.

To learn more about how AdSecure is driving a safer digital world for everyone, contact us today.

EXOGROUP ramps up its investment in AdSecure

Barcelona, 12 March 2019. EXOGROUP, the digital technology enterprise business group, today announced it is making a further significant investment in its online ad verification technology company AdSecure. AdSecure was launched in 2017 to provide ad networks and publishers with ad scanning technology to ensure safe, compliant and malware free ad delivery.

EXOGROUP’s further investment of 1 million euros will be used to build more features for the AdSecure platform, grow the existing team and invest in marketing and sales strategies to continue to grow AdSecure’s business.

EXOGROUP’s CEO and Founder Benjamin Fonzé commented, “Ad networks and Publishers face many challenges in today’s market. It is of paramount importance that the end user is protected from cybercriminal activity. AdSecure is constantly developing new AI technologies that intercept any suspicious activity hidden deep within online ad formats, be it in the creatives, ad formats or advertiser landing pages.”

“The impact of malicious attacks on end users can have negative effects on business growth, profit and customer confidence. It’s important that businesses have the tools available to stop end users being exploited by unscrupulous people who are looking for any opportunity to steal or misuse personal and confidential information as well as hijacking a users devices for malicious means.”

“85% of Internet users prefer an ad-supported free Internet therefore it is the duty of all platforms to ensure that those users are fully protected. Our further investment in AdSecure is EXOGROUPs commitment to keeping the internet safe for all users.”

AdSecure currently offers a comprehensive range of features that ad networks and publishers can utilise including:

Intelligent Scanning: Crawler technology that automatically scans ad tags, smart links, landing pages, programmatic RTB campaigns and native ads.

Fully automated platform: Easy integration with our powerful API.

Robust detection: Ensuring ads are compliant with client guidelines with extensive detection coverage.

Multi-targeting: Protection from cloaking practices and using behavioral targeting techniques, checking from multiple browsers, devices and locations including residential and mobile carrier IPs to ensure compliant ad delivery and advertiser landing pages.

Instant detection notifications: Whenever a violation is detected, AdSecure generates real-time notification alerts via a callback url or email. The notification provides advanced reports with forensic grade information and detail.

Spy tool: Access every single report, regardless of the detection outcome, allowing a deeper level of forensic analysis thanks to the complete ad redirection chain provided.

AdSecure intelligence: Real-time response feature applied to AdSecure’s historical dataset allowing malicious domain blocking.

Ad performance: Monitor the horsepower of ads to stop SEO penalisation from slow ads, and regain control of website performance

AdSecure introduces dedicated Suspicious TLD Detection

AdSecure is committed to providing our partners with a higher level of transparency, choice, and control when evaluating the health and security of their digital supply chain and eliminating malicious digital threats. This is why we are very pleased to announce the launch of a new, dedicated detection option: Suspicious TLD (Top-level domain).

Top-level domains (TLDs)  — such as .com, .org, and .edu — are the most prominent domains on the internet, and we have all spent time on a .com domain. You’re reading this on one right now.

While domain names are a key aspect of building a strong online identity, they can also be targeted for abuse by cybercriminals looking to set up hosts for a plethora of dangerous schemes. Spamming, scamming, phishing attacks, malware distribution, and other suspicious activity can often be found lurking on sites with TLDs that look somewhat… unusual.

Enter the Suspicious TLD – top level domains far less familiar to everyday internet users, and frequently weaponized by online scam-artists and threat actors for profit.

Suspicious TLDs — domains ending with things like .xyz, .gq, .country, .stream, — are popular with cybercriminals because they are usually cheaper to obtain than more universally recognised TLDs. This allows the bad guys to register a chain of highly similar top-level domains (like abcd1.xyz, abcd2.xyz, abcd3.xyz) and spread their malicious attacks continuously. When one domain is flagged and shut down, just move your attack to the next one.

Despite the brief lifespan of a Suspicious TLD, their potential impact on the digital ecosystem can ripple far and wide. These domains also pose a unique challenge for dealing with them, because while many have malicious activity lying in wait, many are perfectly clean.

As AdSecure’s Technical Director, Pierre Brouca, points out “the issue with a suspicious domain, like .xyz is that there can be completely safe activity on some, while others are definitely being used to spread malware, or a phishing attack. You also have cases like .xin, which in certain regions will definitely be a suspicious domain, but in China, will be a common TLD used legitimately. Being able to understand not only that the domain is suspicious, but that it also has a serious violation attached to it, makes ad delivery more efficient, saving both time and money for our partners.”


The paradoxical nature of these TLDs has led other ad verification providers to group them all in the same violation bucket as malware, even when the ad is legitimately harmless. This lack of clarity leads to ads being halted without cause, a loss of time and money tackling a non-issue, and potential friction between publishers and advertisers.

AdSecure brings a clear, precise approach to this challenge by introducing a completely separate, fully dedicated violation classification for “Suspicious TLD”. This gives our partners a transparent view of both the suspicious domain and what might — or might not — be lurking within, as our scan reports will also flag separately each additional violation attached to the ad campaign.

With a complete view of what’s really happening within Suspicious TLDs, choice and control over how to proceed is returned, and our partners can confidently take the action that is best for their business.

AdSecure’s new dedicated detection for Suspicious TLD will be available to all partners as of the 31st of January. To learn more, click here

3 trending ad compliance problems in 2019… and how to solve them

Within the digital advertising ecosystem the challenge of securing ad creatives against malicious threats has historically taken a back seat to the bigger, “louder” problem of ad fraud. The impact invalid traffic has on the digital supply chain is often easier for stakeholders to get their heads around, leaving malvertising as a “quiet” problem that has allowed threat actors to fly under the radar and profit from the ensuing damage.

In 2015 an IAB report found an overall US$1.1 billion cost impact on digital advertising from malvertising attacks. Despite being less immediately visible, the problem of creative compliance is not new, and since 2015 attacks have scaled in lockstep with the digital ad ecosystem.

That’s the bad news. The good news is that awareness of the problem – and the resolve to fight it – has also grown. The quiet problem is finding its voice.

With programmatic exchanges making creative compliance a key pillar of their programmatic principles, and Google taking a near zero tolerance approach to abusive ads with the launch of Chrome 71, the focus on delivering clean, compliant creatives has sharpened dramatically. For publishers — and the networks and exchanges they partner with — the cost of inaction will soon become too high to ignore.

AdSecure has identified 3 problems that we expect to trend throughout 2019 and the best solutions to face them head on, and win.

Programmatic & Mobile ad spend: threat actors follow the money

The Problem:

The rise of programmatic ad spend continued throughout 2018, and in 2019 an estimated 65% of all money spent on digital ads will be traded programmatically. Advertisers will spend US$84 billion on programmatic advertising this year, and by 2020 the total is expected to rise to US$98 billion. The money flowing programmatically is massive, and there’s one certainty when discussing malicious activity: follow the money.

More money, more malicious problems. Everything swells in programmatic, creating an ideal breeding ground for dangerous attacks. With publishers losing visibility and control over exactly who is buying traffic, the question of facing malicious activity becomes a matter of when, rather than if.

Similarly, mobile ad spend comprised a staggering 75% of all digital ad spending in 2018, and that growth will continue in 2019. The amount of money involved in mobile advertising is like catnip for criminals. In November 2018, a malware campaign targeting iOS devices managed to hijack an astounding 300 million browser sessions within 48 hours. The culprit behind that attack is still active today.

The AdSecure Solution:

For publishers, negating the damage wrought by malvertising attacks on programmatic campaigns means taking back control to protect both visitors and the revenue streams that fuel the creation of new, engaging content. Trusted partners that embrace the need for transparency and a commitment to delivering clean, malware free programmatic campaigns are a must.

Working with partners who collaborate with dedicated ad verification vendors capable of scanning programmatic campaigns to detect malicious attacks is the best solution. Should ad networks and exchanges not show a willingness to provide that solution, publishers can take on a dedicated service directly, and possibly reconsider their future partner relationships.

With the power mobile campaigns hold in today’s digital advertising landscape, particularly those campaigns running on carrier networks, an anti-malvertising provider that enables their clients to scan campaigns across a global mobile carrier proxy network is key, as is being sure that you decide which campaigns are scanned using mobile carrier proxies, and the frequency. Control needs to be in your hands.

Ad Cloaking & IP Blacklisting: sleight of hand from cyber criminals

The Problem:

Threat actors are clever, and quite inventive when it comes to bypassing ad operations teams searching for bad ads. In order to avoid scrutiny, or risk their attack being stopped before the damage can be done, criminals often resort to ad cloaking via IP blacklisting. Once they have identified those IPs they want to avoid, they are added to a blacklist, which will then present the flagged IPs with a clean ad while the dangerous content creeps along to the intended target.

Some schemes go so far as blacklisting all standard datacentre proxies in a target location, making it difficult for a scanning solution that relies on these proxies alone to detect cloaked attacks. In this scenario, even a dedicated verification tool will be fooled into allowing dangerous attacks to slip through.

The AdSecure Solution:

What if you could take from cyber criminals their ability to know just which IPs to blacklist, but also nullify the benefits of blacklisting altogether? It’s entirely possible with the right approach to proxy coverage. Scanning ad creatives using an intricate network of Residential IPs makes it virtually impossible for an attacker to determine which IPs to blacklist, while making it counterproductive to do so, as these IPs belong to the very users they are looking to target.

Ad cloaking is a growing concern for many ad networks looking to protect their reputations for clean ad delivery and instill confidence in their publishing partners, but with an innovative approach to proxy usage it’s a concern that they can safely say they have covered.

Cryptojacking: a drain on (other people’s) resources

The Problem:

Cryptojacking attacks exploit computer processing power to mine cryptocurrencies without the owner’s consent or knowledge. It’s a relatively new way for hackers to generate profit from malvertising, but it’s definitely a growth enterprise. Last year over 34,000 sites were found running Coinhive, a javascript miner with both criminal and legitimate purposes.

Cryptojacking is growing because it’s easy money and relatively simple to use, even for those low on tech savvy. Cryptojacking is seen as less risky and more profitable than ransomware as it continuously generates income. It is also far more difficult to uncover than ransomware, lowering the fear of being caught.

One way to implement a cryptojacking program is by injecting a script into a digital ad or website. Once a user visits the infected site, or encounters the ad carrying the cryptominer the script is executed, leaving the user blissfully unaware.

This differs from typical malvertising attacks as there is no obvious damage to the user. It does, however, put a massive drain on the CPU of the users device. For individuals this can be annoying, but for a large organisation infected by a cryptojacking script, the costs of detecting and resolving performance issues, or replacing equipment can have a detrimental impact.

The AdSecure Solution:

Scan your creatives early, and often. When looking at dedicated solutions for scanning ad campaigns and detecting suspicious behaviour, a tool that gives you the ability to scan in large volumes will be most effective in protecting users from falling victim to a cryptominer that kills their devices over time.

One final thought: The importance of transparency and trust in your ad tech partners

Digital is unique in that the seller of traffic is responsible for what appears on their site, so ultimately it’s the publisher who gets the blame when something malicious is delivered to their visitors. That duty of care to the consumer means working with partners who understand the weight of that responsibility.

Transparency and trust are key in safeguarding users from harm. Partnering with compliance experts who bring a full spectrum approach to tackling malicious activity, and know that rather than holding control over protection tools and obscuring when they are used — and how often — it’s through empowering clients to take back control of ad creative quality that will ultimately lead to the creation of a secure digital advertising ecosystem.

AdSecure provides creative security solutions that empower our partners to take back control and keep their ads safe. We provide solutions for programmatic & mobile campaign scanning, and robust protection against ad cloaking & IP blacklisting via our innovative residential proxy model. Click here to learn more.

AdSecure launches new Native ad protection feature

Dublin, 14 January 2019. AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced the addition of Native ad protection to its digital weapons arsenal in order to combat digital threats and malware and safeguard end users when exposed to online advertising.

Native ads pose an interesting challenge when it comes to protecting the user experience. Normally, the Native ad itself looks perfectly clean and harmless but the potentially dangerous elements lurk underneath the surface when a user engages with the Native ad. Post click is where attacks can happen at multiple points throughout the redirection chain, therefore a crucial aspect of protecting against the corruption of Native ads is the ability to understand where a user is sent once they engage with a Native ad.

The risk of attacks via Native ads increases when factoring in the use of programmatic campaigns into the mix. The loss of direct control on the demand generated by programmatic can lead to rapid scaling of harmful activity by cyber criminals.

AdSecure has addressed this issue with a ‘new click option’ which scans and analyses the entire redirection chain: from the Native widget display image through to the final ad’s landing page. This process reveals a full understanding of what will happen to the user post click in order to stop any harmful activity from damaging their experience and their security.

AdSecure’s Product Manager Mathieu Derval commented, “The Native ad format has proved to be incredibly popular and effective both on social media platforms and more traditional news media sites. This has led to massive growth, according to eMarketer, Native ad spend by U.S. marketers rose by more than 30% when compared to 12 months ago. Additionally, with so many apps and mobile sites designed to compliment the Native format over 90% of ad dollars go toward mobile placements. The Drum estimates that 90% of the world’s largest brands are running Native campaigns.”

Derval continued, “With the exponential growth of Native ad placements, criminals are using this format to inflict cyber crime after the end user engages with the Native ad. The end user can then fall victim to a redirection hijack that sends them to a malicious, or offensive landing page. AdSecure’s technology ensures that end users, publishers, ad operations teams and ad networks are fully protected with our new click option, taking creative security to the next level.”  

To find out more about AdSecure or to request a free demo please visit https://www.adsecure.com/contact/

How AdSecure kept advertising safe in 2018

2018 is drawing to a close, and before we know it, 2019 will kick off in full swing, bringing with it new challenges and new opportunities. 2018 marked the launch of an amazing journey for our ambitious project. We overcame challenges, discovered new opportunities for growth, and drove our mission forward to empower our partners in the digital ad space to act with confidence and control when facing malicious activity.

With the holidays fast approaching, the AdSecure team thought it was a good time to take a look back at some of our 2018 highlights, and a few quick (spoiler free) hints at what’s coming for 2019.

Embracing evolution

Cyber criminals are always looking for new methods to advance the spread of – and to profit from –  malicious activity. At AdSecure we decided to tackle ongoing bad guy innovation with the mindset of continuing to evolve and adapt to stop criminals from ruining the experience of user’s looking to engage with great content.

In December 2017 we first introduced our innovative approach to combat cloaking and IP blacklisting techniques with our intricate network of standard, residential, and mobile carrier IPs spread around the globe. In 2018 we picked up right where we left off, adding new locations to expand the scope of our coverage, including Australia, Greece, Nigeria, South Africa, Taiwan, and United Arab Emirates to name a few.

Throughout the year we also continued to enhance the level of protection we provide for our partners. In 2018 we added scanning & support for:

  • Auto-redirects
  • SSL non-compliant
  • Push ads
  • Programmatic RTB Campaigns
  • Click-on banner
  • Native ad protection

AdSecure will continue evolving and adapting to face the newest, and most dangerous, digital threats as they surface by adding new locations, tools, and ad format protections throughout 2019.

Taking the show on the road

In 2018, AdSecure stepped out into the adtech world and officially announced our arrival as a new, ambitious start up with the goal of building a safer digital advertising ecosystem by bringing clarity, simplicity, and innovation to the ad creative verification process.

We chose to introduce ourselves at two of the biggest media shows in Europe. In both cases, it was an amazing experience for us, and we can’t wait to make an even bigger splash in 2019!

Mobile World Congress 2018  

Most of the AdSecure team live and work in beautiful Barcelona, so attending Mobile World Congress – the world’s largest mobile tech conference – was a no-brainer for us. The chance to introduce ourselves to stakeholders in the mobile advertising space and learn what is most important to them when it comes to keeping their campaigns compliant and malware free — and develop our solution informed by their insights and experiences — was invaluable.

 DMEXCO18  

Arguably the most important conference on the digital marketing calendar, at DMEXCO18 in Cologne we took to the stage, quite literally, as a first time exhibitor, joining some of the biggest ad networks, exchanges, and ad tech companies out there. The DMEXCO experience is exhilarating and at times overwhelming, but ultimately completely unforgettable.

Over the 12th & 13th of September we had an amazing time discussing the key issues companies face when it comes to tackling malicious activity and compliance challenges, and showing them how we can help keep their ads safe with our innovative approach to ad creative security. We also took the opportunity to announce the end of our platform beta, and the countdown to our full platform launch! In addition to having high quality conversations, we met fantastic people, and sparked great new relationships that led to strong partnerships in the months following.

As a DMEXCO freshman myself, for anyone out there in the digital world considering attending for the first time in 2019, take it from me: the experience cannot be beat. See you at DMEXCO19!

Setting the stage for 2019

Over the past few months our brilliant development team have been working hard to bring the new AdSecure user interface to life, in order to provide our partners with a robust, powerful, and easy to use platform that both protects their ad creatives from myriad threats, and helps them regain control of their digital landscape.

In November the team completed this goal, and we were delighted to announce the launch of our full AdSecure platform, both to our current partners, and future partners we are excited to work with in the coming years. Now, as we close 2018, our team is busy finalising work on the next key new addition to AdSecure, a real-time threat response tool which will allow our users to block malicious domains before they have a chance to damage – either to their own business, or that of their trusted partners.

For those who have been following us throughout 2018 — either as a collaborator, or as someone curious to learn more about us — we hope you’ve enjoyed the journey as much as we have. To all our clients who showed confidence and trust in the work we are doing, and helped us grow in leaps and bounds this year, we want thank you for trusting us to keep your ads safe. 

We also want to let you know that we have some big plans for 2019. We intend on starting the year on a high note straight away, with the announcement of a great new partnership, which we will tell you all about… next year! Watch this space.

AdSecure strengthens its proxy coverage across the globe

As part of our commitment to help ad platforms, publishers, and ad operations teams preserve trust and maintain security in the online advertising ecosystem, we are excited to announce that we have significantly improved our standard proxy coverage by adding 29 new locations:

  •   Armenia
  •   Azerbaijan
  •   Belarus
  •   Bolivia
  •   Bosnia and Herzegovina
  •   Cambodia
  •   Dominican Republic
  •   Greece
  •   Jamaica
  •   Jordan
  •   Kenya
  •   Kyrgyzstan
  •   Laos
  •   Macedonia
  •   Moldova
  •   Morocco
  •   Nigeria
  •   Pakistan
  •   Philippines
  •   Serbia
  •   Sierra Leone
  •   South Africa
  •   Sri Lanka
  •   Taiwan
  •   Tajikistan
  •   Tunisia
  •   Turkmenistan
  •   United Arab Emirates
  •   Uzbekistan

By continuing to extend our international coverage, AdSecure enables advertising and ad tech teams to efficiently scan every campaign running on their networks, whatever the target locations are.

If you would like to find out more about integrating AdSecure into your business, please visit contact for more information.

Google plans to kill all your ads if you don’t kill the abusive ones first. Here’s how you do it.

OK, kill might be a touch dramatic. However, if you are a publisher displaying ads on your site, or an ad platform serving ads up, the impact is no joke.

The arrival of Google Chrome 71 in December marks a major escalation in Google’s efforts to stop the negative impact abusive adscan have on users. Chrome 71 will block abusive ads — commonly known as malvertising — so that users cannot be deceived into clicking through and exposing themselves to, at the very least the nuisance of an auto-download or a back button hijack, or on the far more serious end of the spectrum, a ransomware attack or a nasty phishing url.

Publishers impacted

This is a good thing, and Google has made previous attempts to tackle these harmful ads with Chrome 68. The key this time is that for repeat offenders, Google won’t merely block the abusive ads on your publisher site, it will block ALL ads until you can consistently clean up your act and protect your website visitors. Google will give you a 30 day grace period to check your Abusive Experiences Report and take action, but should those actions fall short, or worse not be tackled at all, Google will remove all ads from view.

The potential impact for publishers is immediately clear. Revenue from digital ad streams relied on to cover the costs of producing quality, engaging content will evaporate almost immediately, increasing the pain of keeping users interested and coming back day in and day out. Brand confidence will stumble as well when those advertisers buying ad space realise that money has been wasted and their ads won’t be seen by the customers they want to get in front of. A publisher running afoul of Google’s wrath will quickly find themselves caught in a vicious circle.

For the ad platforms these publishers work with to sell their traffic to the highest bidder there will be an unavoidable knock-on effect. Sites that start cleaning up to ensure their ads don’t suffer from a blanket block will soon realize that certain platforms continually serve up these problem ads and lose confidence in their viability as a partner. An ad platform struggling to deliver clean creatives can find their reputation tarnished before they really know what’s hit them.

Time to clean up

So what can you do to keep your ad creatives clean, user friendly, and visible on Chrome 71? Start by taking the problem seriously. 2018 has been an important year for shining a light on the problem of malicious, deceptive content. Recently, six leading programmatic exchanges came together to develop a set of guiding principles for a safe and transparent programmatic ad market, and chief among them was a commitment to scanning all creatives for malware and other ad quality issues. With Google now taking this major step with the launch of Chrome 71, the challenge of eliminating bad ads can no longer be put on the back burner.

Avoid the trap of thinking your operation is too big to be plagued by efforts to infect the ads you work with. While malware issues might trouble smaller digital publishers more regularly, major players can fall victim to some incredibly sophisticated, painful attacks. When this happens, the impact across the digital ecosystem is all the more severe, and the scope that much greater.

What are you doing now?

Next, take a look at what you’re doing now to tackle the problem. Is it agile enough to catch everything? An in house solution might seem like a suitable stop gap, but a basic tool will never detect every threat, particularly as cyber criminals continue to innovate and develop more sophisticated techniques for delivering dirty ads. This leaves ad operations and compliance teams struggling to keep up and ultimately fighting a battle they can never win. Partnering with a dedicated ad verification solution can ensure teams have the support they need, and are empowered to take decisive, data driven action.

For publishers and ad platforms already working with a trusted partner focused on ad quality challenges and still struggling to keep compliant, it’s likely that a single partner won’t suffice, or the solutions they offer are too limited in scope to solve complex challenges. The easy appeal of a real-time blocking solution, for example, sounds like a perfect fix, but in reality the embedded script tasked with blocking in “real-time” relies on a cache system to identify a previously encountered bad ad. Considering the speed and creativity with which talented programmers reinvent or modify the dangerous content injected into an ad, that real-time blocking script will still let any bad ad it has never dealt with before slip through the cracks.

You might be armed with a hammer, but that doesn’t mean every problem is a nail. Within the evolving landscape of malicious behaviour, many new problems will call for a more subtle approach.

New challenges, creative solutions

Another rising concern keeping those handling ad quality compliance awake at night is ad cloaking.  When a member of your compliance team is performing an online quality check, they are likely doing so from a single fixed IP, or at best a small range. Armed with this information, an attacker generates a script that effectively cloaks an attack via IP blacklisting, leaving that visitor viewing a clean ad while the dangerous elements make their way to the target audience.

Again the task at hand requires combating criminal ingenuity. To deal with cloaking, implementing a more sophisticated strategy, using an intricate network made up of millions of proxies renders blacklisting virtually impossible, and ultimately pointless as they would be blacklisting the IPs of their intended victims.

The challenge of malvertising is difficult to face, but impossible to ignore. For publishers and ad networks, the best defense against bad ads is a multifaceted approach combining internal commitment and focus with the external experience and performance abilities of dedicated partners capable of providing confidence, control, and a commitment to creative security.

A trusted partner

We are committed to working with our partners to solve today’s most difficult ad verification challenges. To learn more about the AdSecure platform, our mission to stop cyber criminals from doing harm, and our approach to clean ad delivery, click here.

Ad formats & how they can be corrupted: #2 Banners

What is a banner?

A banner ad, also known as a display banner, is an online advertising format that is typically a designed visual or an image accompanied by text or a call to action. When an end user clicks on the banner he is redirected to a landing page for the advertiser’s offer.

Why do cybercriminals target this format

Cybercriminals seek to take advantage of both display advertising and related ad landing pages to distribute multiple forms of malicious content, by leveraging the ad ecosystem to their advantage. The ad industry is a complex and powerful machine and with the growth of programmatic advertising, where the buying and selling of advertising is carried out automatically in real time, this can lead to a loss of control of the security of ads being served by ad exchanges and ad networks. The rise of programmatic advertising is helping to fuel the robust growth in malvertising. By replacing human decision making for the purchasing and placement of advertising with software in a machine to machine ecosystem, there are new opportunities for criminals to exploit display advertising to distribute malware and hide malicious code within a banner ad.

The banner is still one of the most used ad formats and because of its sheer global volume, the reach and exposure cybercriminals can achieve once they get a banner containing their malicious code to slip through the net, can be huge.

How do they do it?

Some of the most common ways criminals spread malicious banners include:

  • Malicious code hidden within the ad creative, which is enabled only once the campaign has been approved by an ad platform.
  • By compromising trustworthy and legitimate advertiser accounts on ad platforms.
  • The creation of fake identities (skype, linkedin…) in order to mislead someone in the ad chain.
  • Targeting high profile publishers rather than multiple low profile ones to maximize their exposure with a single rogue campaign.
  • Taking advantage of the naivety of end users, who mistakenly often think they need to actually click on a malicious ad to get infected

What examples has AdSecure seen of malicious advertising using this format?

Nowadays, the most common violations with banners are auto-redirects: when an infected ad is effectively being displayed on a publisher’s website, it can get to a point where the iframe will take over control of the website and redirect the visitors to malicious landing pages (containing social engineering content, or even worse, exploit kits).  

Additionally, banner ads can show inappropriate content, for example, a banner containing adult material being displayed on mainstream or even children’s websites, or the image and text of a banner ad that has been designed to mimic genuine warning alerts generated by computer security software.

What is the solution?

AdSecure helps ad platforms and publishers regain control and confidence by offering an ad quality solution capable of scanning, analyzing and detecting malicious and non-compliant ads and their related landing pages.

If you would like to find out more about incorporating AdSecure into your business, please visit our contact page for more information.

AdSecure expands mobile carrier coverage to Australia

??

AdSecure is excited to announce that, in addition to standard and residential IPs, we now also provide mobile carrier coverage for Australia .

As of today, the following providers are available for our clients who want to check their mobile offers running in Australia:

  • Optus
  • Telstra
  • Vodafone

If you would like to find out more about incorporating AdSecure into your business, please visit https://www.adsecure.com/contact/ for more information.

AdSecure is exhibiting at Dmexco 2018

Dublin, 27 August 2018. AdSecure, the all in one anti-malvertising solution and ad verification tool used by ad networks and publishers, today announced that it is exhibiting at Dmexco, one of the world’s leading digital marketing events.

The AdSecure team will be explaining to Dmexco attendees the benefits of protecting their ad platforms and websites from malvertising and non-compliant ads with AdSecure.  

AdSecure is a fully automated platform that uses crawler technology to scan ad tags, smart links, landing pages and programmatic RTB campaigns. Scans can be performed with 3 different types of IPs: Datacenter, Residential and Mobile Carrier. AdSecure clients are immediately alerted to any suspicious activity via instant email notifications and callback URLs. The platform is fully automated and provides powerful API integration using GraphQL technology.

Mathieu Derval, Product Manager at AdSecure commented, “We are very excited to be at Dmexco to showcase our latest platform features. Additionally we will be offering an exclusive 10% discount until the end of 2018 for ad serving platforms and publishers that sign up to AdSecure at our Dmexco booth.”

AdSecure’s booth is located in Hall 7.1 #B064. Dmexco is held 12 – 13 September at Koelnmesse, Cologne.

For further press information contact: press@adsecure.com

One step further towards a better encrypted internet: HTTPS vs HTTP

With its latest release of version 68, the Chrome browser is now labelling as “Not Secure” all HTTP (unencrypted) websites.

As stated on their security blog Google explains that:

“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “Not Secure”

The Chrome 68 omnibox will now show the “Not Secure” label for all HTTP pages, instead of the small “i” icon. This label will not only highlight the unsecured nature of the HTTP pages but will also push publishers to move over to HTTPS from HTTP.

To help drive adoption of a more secure internet, AdSecure is adding a new detection feature on its platform: “SSL non-compliant”. This new feature will help ad-platforms and publishers detect HTTPS banner tags which are loading HTTP resources that lead to generating mixed content errors on the publishers’ websites. Such a problem can cause information leakage, hence the importance of monitoring ad tags.

Here are the different elements AdSecure checks when analyzing the banner tags for SSL compliance:

  • Ensuring that the SSL and certificate version match
  • Flagging suspicious certificates: expired, revoked, untrusted (based on CA), self-signed
  • Checking mixed-content for externally loaded resources (scripts, css, img, etc…)
  • Detecting invalid CAs
  • Verifying protocol and cipher strength to reduce the risk of information leakage

AdSecure provides next-gen defenses that protect publishers and ad platforms against a wide range of attacks. To test how AdSecure can help your organization detect, investigate and respond to advanced malvertising attacks, sign up for a free trial.

AdSecure adds the detection of the auto-redirect to it’s arsenal

25 July 2018. AdSecure, the ad verification tool used by ad networks, ad operations teams and publishers, today announced that it has added the detection of the auto-redirect to it’s arsenal. The auto-redirect is considered to be an annoying format and is also widely used by cybercriminals for distributing malicious advertising.

Once a user is exposed to an auto-redirects, the format takes over his browser redirects him to another website page, this all happens with no interaction by the user. One example of how auto-redirects are delivered to the user is through a malicious banner ad. Even if the banner is only displayed and the user has not clicked on the banner it will still redirect the visitor to another webpage. The banner usually contains a JavaScript and the redirected webpage is then used as a vehicle for some form of affiliate fraud or malware. Some auto-redirect scams go as far as hijacking the browser back button or even trapping the user with a pop-up notification to prevent him from returning to the original site he was viewing.

This intrusive technique affects desktop, mobile and tablet. Mobiles are particularly affected by auto-redirects on both Android and iOS.

AdSecure’s Product Manager Mat Derval commented, “These malicious auto-redirect ads used to only affect junk websites, but recently auto-redirects have been placed on reputable websites including The New York Times amongst others. AdSecure’s team and our technology has enabled us to quickly develop and get to market the software needed to detect this malicious ad format. Ad platforms and publishers that use AdSecure’s all in one malware detection package benefit from keeping their users safe from being exposed to malicious ad formats.”

If you would like to find out more about incorporating AdSecure into your business, please visit our contact page for more information.

For further press information contact:

press@adsecure.com