Malvertising trends in the UK in Q1 & Q2 2023

With ad security detections increasing year on year, malvertising continues to be a cause of concern for ad networks and publishers across the globe. This is why AdSecure strives to continuously optimize its ad security tools and features to protect your online business, your ad monetization and your end users from malicious campaigns and poor quality advertising. We also bring you up-to-date information about malvertising activity through our quarterly and yearly Violations Reports. This time, we are comparing malvertising trends in the UK from Q2 against Q1 2023.

UK malvertising detections: Categories comparison Q1 & Q2 2023

If we take a deep dive into AdSecure’s Violations Report Q1 & Q2 2023 we will see the evolution of the 4 violations categories detected during the 2 quarters. So let’s see the breakdown of UK malvertising detections in Q1 & Q2 2023 in categories:

[Figure: UK malvertising detections Q2 2023]

[Figure: UK malvertising detections Q1 2023]

User Security category: 16% of all violations in the UK were within the User Security category in Q1 and 24% in Q2, which is an increase of 50% in the second quarter. This category detects violations that have a serious potential to compromise the end user’s safety and welfare.

User Experience category: 34% of all violations in the UK were within the User Experience category in Q1, and 31% in Q2, which is a decrease of -8.2%. User Experience violations affect end users with malicious and annoying activity within the ads they interact with.

User Advisory category: 49% of all violations in the UK were User Advisory violations in Q1 and 42% in Q2, which is a decrease of -14.2% comparing Q1 with Q2. User Advisory violations detect offensive content that isn’t suitable for all users, as well as suspicious or fraudulent activity.

IAB Standards detections: 1% of all violations in the UK, that is 1 in every 100 campaigns, did not meet industry IAB Standards in Q1, and 3% (3 in every 100) in Q2, which is a massive increase of +200%! IAB Standards violations measure the performance of ads against the IAB industry standards to stay industry compliant.

Top 10 GEOs for malvertising attacks

Now, let’s identify the top 10 GEOs with the highest volumes of malvertising attacks detected in Q2 2023:

Top 1: USA (33.4%)
Top 2: Thailand (11%)
Top 3: India (8.7%)
Top 4: Philippines (7.7%)
Top 5: United Kingdom (7.6%)
Top 6: Germany (7.1%)
Top 7: Brazil (6.8%)
Top 8: Italy (6.1%)
Top 9: Malaysia (6%)
Top 10: France (5.6%)

As we can see above, the UK is number 5 within the top 10 GEOs where most violations were detected by AdSecure. Also, 26.6% of all violations worldwide were detected in Europe in Q2 2023, meaning that Europe is the region with the second-highest level of cybercriminal activity, right after the USA (with 33.4% of all detections). Additionally, the United Kingdom is the country with the highest number of violations detected within Europe, with a total of 7.6% of malvertising attacks in Q2. Germany follows closely with an average of 7.1% of malvertising attacks. Italy and France come next with 6.1% and 5.8% respectively. So, as we can see, a large portion of Europe was affected by malvertising in the second quarter of 2023. Lastly, the United Kingdom had a significant increase of +18.1% in violations detected, comparing Q1 to Q2. As a result of the increase in malicious ad campaigns, more and more publishers, ad networks and ad operations teams need to offer a secure ad browsing experience and guarantee an excellent end user experience.

What are the top 10 UK Malvertising Trends for Q1 & Q2 2023?

AdSecure’s ad safety and ad quality solutions provide powerful and in depth scans to detect malicious advertising and poor ad quality globally, which is why we can give you useful insights to learn cyber criminal activity patterns and protect your online business and end users. In the following table, you can see the top 10 UK malvertising trends ordered by the biggest changes, when comparing Q2 with Q1:

[Table: UK violations Q1 Q2 variation]

Let’s then look into the most popular online advertising threats that revealed significant increases in the UK in Q2 2023. At the top of the table we have the Iab-ad-dimensions, which we will talk about later in this article, together with the rest of IAB Standards based detections.

+145.4% increase in Malicious URLs

Malicious URLs showed an enormous increase of +145.4% in Q2 compared to Q1. Scammers create and distribute these malicious or dangerous links and try to trick end users into clicking them, sometimes in order to steal their data and sensitive information. Once end users get to these websites, they are dangerously exposed to malicious software, viruses, or other threatening content.

Malvertising insight: It is advisable to run regular analyses pre and post launch, since an ad's landing URL can be changed at any time by malvertisers, and they tend to do it post-launch after bypassing initial compliance and security checks. This means that a compliant URL can be changed into a malicious one at any time if regular scans aren’t run!
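The pre- and post-launch comparison described above can be automated by storing the redirect chain seen at approval time and diffing each later scan against it. The following JavaScript is an added example, not AdSecure's code; the function names, the `lookup` callback standing in for an HTTP client, and the `.example` URLs are assumptions constructed for illustration.

```javascript
'use strict';

const MAX_HOPS = 10; // assumption: give up after 10 redirects

// Follow a click URL to its landing page. `lookup(url)` returns
// { status, location } and stands in for the scanner's HTTP client.
function resolveChain(clickUrl, lookup) {
  const chain = [];
  const seen = new Set();
  let url = new URL(clickUrl).href;
  for (;;) {
    if (seen.has(url)) return { chain, landing: null, error: 'redirect-loop' };
    if (chain.length >= MAX_HOPS) return { chain, landing: null, error: 'too-many-hops' };
    seen.add(url);
    const res = lookup(url);
    if (!res) return { chain, landing: null, error: 'unreachable' };
    chain.push({ url, status: res.status });
    const redirect = res.status >= 300 && res.status < 400 && res.location;
    if (!redirect) {
      return { chain, landing: url, error: res.status >= 400 ? 'landing-error' : null };
    }
    url = new URL(res.location, url).href; // Location may be relative
  }
}

// Compare a fresh resolution with the snapshot stored at approval time.
function compareToBaseline(baseline, current) {
  const findings = [];
  if (current.error) findings.push({ type: current.error });
  if (current.landing) {
    const was = new URL(baseline.landing);
    const now = new URL(current.landing);
    if (was.hostname !== now.hostname) {
      findings.push({ type: 'landing-host-changed', from: was.hostname, to: now.hostname });
    } else if (was.pathname !== now.pathname) {
      findings.push({ type: 'landing-path-changed', from: was.pathname, to: now.pathname });
    }
    if (was.protocol === 'https:' && now.protocol !== 'https:') {
      findings.push({ type: 'scheme-downgrade', to: now.protocol });
    }
  }
  // Any host that was not in the approved chain is worth a review.
  const known = new Set(baseline.chain.map((hop) => new URL(hop.url).hostname));
  const fresh = new Set(current.chain.map((hop) => new URL(hop.url).hostname));
  for (const host of fresh) {
    if (!known.has(host)) findings.push({ type: 'new-host-in-chain', host });
  }
  return findings;
}

// Constructed sample data (reserved .example domains), not real campaigns.
const CLICK_URL = 'https://ads.example/click?id=1';
const PRE_LAUNCH = {
  'https://ads.example/click?id=1': { status: 302, location: 'https://shop.example/offer' },
  'https://shop.example/offer': { status: 200 },
};
const POST_LAUNCH = {
  'https://ads.example/click?id=1': { status: 302, location: 'http://hop.example/r?x=1' },
  'http://hop.example/r?x=1': { status: 302, location: 'http://prize.example/win' },
  'http://prize.example/win': { status: 200 },
};

const baseline = resolveChain(CLICK_URL, (u) => PRE_LAUNCH[u]);
const rescan = resolveChain(CLICK_URL, (u) => POST_LAUNCH[u]);
console.log(compareToBaseline(baseline, rescan));
```

Running the same comparison on a schedule, rather than once at submission, is what catches a landing page swapped after approval.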

+75% increase in Permission Notifications

In second place, Permission Notification violations had a significant increase of +75% in Q2 compared to Q1. This violation requests permission to send notifications to the end user or to access their device’s camera, microphone, geolocation, clipboard, etc. Although not dangerous in all cases, it can be quite a disconcerting and alarming violation, making the end user feel unsafe upon clicking an ad on your website.

Malvertising Insight: The Permission Notification violation offers a very poor user experience because it sends your end users unsolicited alerts asking for unknown apps to get permissions to access personal information, making them feel that their privacy is under threat. Besides, malvertisers use them in the hope that the end user clicks to accept and then the bad actors can access personal files and data from the end user's device, for instance tracking their location for non compliant targeting purposes.

+60.8% increase in SSL Non Compliant

With the highest number of violations detected both in Q1 and Q2 within the top 10 ranking, SSL Non Compliant increased by +60.8% in Q2 compared to Q1. In brief, SSL Non Compliant detections refer to ads that contain at least one unsecured item in the chain of resources (unsafe, no https, mixed content, ssl version or cipher mismatch).

Malvertising Insight: As you probably know, the ‘s’ in https on a website stands for secure encryption, which can only be guaranteed with an SSL certificate. By not installing an SSL certificate on your website or landing page, you are leaving your website and your end users open to numerous risks of bad ads such as phishing, non-payment, and personal data violations, especially if they are meant to hand over sensitive information such as credit card information, home addresses, and financial data. It is then key to make sure that the SSL certificate is always present, whether you are a website publisher or an ad network assessing the URLs in an ad supply chain.

+60.7% increase in Back Button Hijacks

Back Button Hijacking is an ad security threat which manipulates the end user’s browser history, keeping them stuck on a certain page by inserting one or several redirects in their browser history, to then forward them back to that specific page. It could be used to redirect the end user to dangerous pages containing scam or phishing content designed to steal their data!

Malvertising Insight: Whenever Back Button Hijack scripts are detected, the AdSecure system will notify our clients in real time so they can take faster action on their campaigns. This detection is crucial for helping publishers and ad networks keep their ads and campaigns fully compliant and maintain a positive online reputation.

IAB Standards Detections

AdSecure is the best malvertising prevention and ad quality solution on the market today, as it offers the IAB Standards detection tool that scans ads to verify that they are aligned with the industry standards. The number of IAB Standards detections increased a whopping +200% in Q2!

[Figure: IAB Standards UK violations 2023]

This category also experienced huge increases on each detection independently. Let’s have a look:

- Iab-ad-dimension experienced an increase of +231.40% in Q2: This detection will flag ads that are not compliant with the IAB standards in terms of ad dimension, so ads displayed are squashed or pixelated.

- Iab-ad-compression increased by +180.20% in Q2: This detection will flag ads that are not compliant with the IAB standards within this category, which means they are not delivered in a compressed format.

- Iab-ad-weight increased by +166.80% in Q2: This detection will flag ads that are not compliant with the IAB standards in terms of ad weight (initial load and sub-load).

- Iab-request-count increased by +125.10% in Q2: This detection will flag ads that are not compliant with the IAB standards in terms of ad request count. IAB recommends a maximum of 10 requests.

Malvertising insight: As we can see, huge increases all across the board! AdSecure’s IAB detections are a great tool for ad networks and publishers to use to identify advertisers who need to be educated about industry standards. By identifying specific campaigns, the ad network or publisher then contacts the advertiser and asks them to re-submit the campaign with the correct weight, size, compression, etc. Campaigns that are aligned to the IAB standards lead to higher levels of user engagement and overall conversion, which means that providing compliant ad creatives plays a key role in maximizing revenues. Also, website performance can be impacted negatively if industry standards are not met, creating a bad user experience, affecting publisher eCPMs and possible Google rankings.

Dangerous and annoying violation increases outside of the Top 10

Although not in the top 10, the next 3 violations can cause significant disruptions in user experience on publisher websites, either by annoying them with unwanted notifications, or downloading dangerous software that will seriously impair the end user’s welfare and privacy. The 3 detections experienced steep increases in Q2 2023.

+525% increase in Auto Vibrate

The biggest increase (+540%) comparing Q2 to Q1 is for Auto Vibrate. This violation might not have the highest numbers, however as we can see it has experienced a HUGE increase in the UK in less than half a year, which means that it is wise to keep an eye on this specific violation when running ad security scans through the ad supply chain. Auto Vibrate ads automatically vibrate the user's device when they reach the malicious advertiser’s landing page. This provides a bad navigating experience for the end user and can cause them to feel unsafe since their device has vibrated for no apparent reason, which could cause them to leave your website immediately and affect your online brand’s reputation.

Malvertising insight: This detection is based on the malicious use of the HTML5 vibrate API. This API is also used by some browsers which vibrate as an alert if a virus or problem has been detected. So, it could be difficult for the end user to see the difference between the real alert and the malicious one, especially if the malicious one has been paired up with an auto-pop with a warning. So, aside from being irritating for the end user, it could pose a threat to their safety if delivered by the hands of a very skilled malvertiser!

+216% increase in Pop Ups

Similar to Auto Vibrate, Auto Pops are ads that automatically trigger pops (both Pop Ups and Tabunders) without user interaction. Google penalizes websites that show Pop Ups to end users. In Q2 there was a massive detection spike with malvertisers concentrating a lot of activity using this violation.

Malvertising insight: Aside from providing, once again, a less than ideal end user experience launching unwanted pop messages all over the place, some Pop Ups can automatically trigger and download malicious software into the end user’s device! So, once again, this violation can be a considerable threat for the end user’s device and privacy.

+133% increase in Auto Downloads

Auto Downloads are ads that automatically download a file/executable application without user interaction, which can contain harmful files, viruses, or malware that are quietly installed on the user’s device. This can be dangerous as most of the time the end user is totally unaware.

Malvertising insight: This violation could be especially dangerous for Android users, since the Android operating system uses APK (Android Package Kit) files to install legitimate applications, but these can be manipulated by malvertisers to distribute malicious software! Malicious APK files can be disguised as popular apps, games, or utilities, tempting users to install them. Once installed, these files can gain unauthorized access to sensitive data, take control of devices, or cause other harmful actions.

Conclusion

Are you an ad network or publisher looking for the best malvertising detection solution in the industry? AdSecure is a powerful ad safety and quality solution that monitors the ad supply chain in order to detect and eliminate malicious activity, such as dangerous, non-compliant or low quality ads. Aside from that, at AdSecure we also make annual and quarterly Violation Reports available to you, with comprehensive analyses that provide useful insights into malvertising trends and help you avoid malicious activity impacting your business. Why not start a 14-day free trial and start protecting your online business and end users now! Or you can get in touch to ask our expert team for more information.

How Cybercriminals attacked mobile users in Q1 2023

How to protect mobile ads

Mobile continues to grow in dominance as the device that generates the most internet traffic. According to Oberlo, in February 2023, 60.67% of all web traffic came through smartphones. Cybercriminals know this too and will target malvertising at mobile websites just as much as desktop websites. The question is, how to protect mobile advertising from cybercriminals? And how do Cybercriminals attack mobile users? AdSecure examined violation detection data during Q1 2023. It found that mobile advertising violation detections stood at 46.7% and desktop violation detections at 53.3%. Let’s take a closer look at the many different tactics used to target malicious advertising at mobile devices.

Mobile browsers and malvertising

According to Statista, Android maintained its position as the leading mobile operating system worldwide in the fourth quarter of 2022, with 71.8% share, while iOS accounted for around 27.6% of the mobile operating system market. However, if we look at AdSecure’s violation detection data for iOS devices using Safari versus Android devices using Chrome, it is more disproportionate, with Safari attacks at 44.7% and Android Chrome attacks at 55.3%.

[Figure: Mobile browsers and malvertising]

Insight: Because iPhone users tend to be more affluent, Cybercriminals clearly try to attack iOS mobile users with as much effort as Chrome users.

Top 3 targeted mobile devices for detections per operating system

iOS devices for detections:

- iPhone 8
- iPhone 8+
- iPhone X

Android devices:

- Samsung Galaxy S10
- Nexus 6
- Google Pixel 3

As you can see, these device models are older than the current latest models from manufacturers. iPhone 8 was released back in 2017 and in the Android list, Nexus 6 was released in 2014 and is now discontinued.

Insight: How do Cybercriminals attack mobile users? Cybercriminals target older handsets because in some cases, older handsets tend not to have the latest software protection updates. They also assume that less tech savvy people tend not to get the latest smartphone models or upgrade their devices for many years. This makes them prime targets for malicious activity. So what was that malicious activity in Q1 targeting mobile devices? 

Mobile Q1 violation types

Looking at the share of each violations category detected on mobile, let's see how Cybercriminals attacked mobile users in more detail:

[Figure: Share of each violations category detected on mobile]

How do Cybercriminals attack mobile users? User Security violations

In Q1, the top 2 violations which took the lion's share of violations were SSL non compliance, which detects ads that contain at least one unsecured item in the chain of resources (unsafe, no https, mixed content, ssl version or cipher mismatch). The second largest was Malicious URLs which are inserted into ads with the intent of hosting all kinds of unsolicited content such as spam, phishing, and drive-by exploits. Like other kinds of malvertisements, a Malicious URL is designed to lure unsuspecting users to scam sites, which can lead to serious issues such as monetary loss, theft of sensitive information, and the appearance of malware. At first sight, Malicious URLs can look like legit landing page URLs intended to be a part of an ad’s sales funnel. They can go completely undetected by ad platforms and publishers, representing a real threat for the end user.
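The SSL Non Compliant definition used on this page (unsafe, no https, mixed content, ssl version or cipher mismatch) maps onto a per-resource audit of everything an ad loads. This JavaScript is an added example, not AdSecure's implementation; the record fields, the lists of outdated protocol versions and weak cipher tokens, and the sample chain are assumptions constructed for illustration.

```javascript
'use strict';

// Assumptions (not AdSecure's rules): SSLv3 and TLS 1.0/1.1 count as a
// version failure, and these cipher-name tokens mark a weak suite.
const OLD_PROTOCOLS = new Set(['SSLv3', 'TLSv1', 'TLSv1.1']);
const WEAK_CIPHER_TOKENS = new Set(['RC4', 'DES', '3DES', 'NULL', 'EXP', 'MD5']);
// Resource types a browser treats as blockable ("active") mixed content.
const ACTIVE_TYPES = new Set(['script', 'stylesheet', 'iframe', 'xhr']);
// Schemes that never touch the network and so carry no transport risk.
const LOCAL_SCHEMES = new Set(['data:', 'blob:', 'about:']);

// resources: [{ url, type, initiator, tlsVersion, cipher }], one record
// per request the ad made, e.g. exported from a headless-browser scan.
function auditResourceChain(resources) {
  const findings = [];
  for (const r of resources) {
    const url = new URL(r.url);
    if (LOCAL_SCHEMES.has(url.protocol)) continue;
    if (url.protocol !== 'https:') {
      const parentIsHttps =
        Boolean(r.initiator) && new URL(r.initiator).protocol === 'https:';
      findings.push({
        url: r.url,
        issue: parentIsHttps ? 'mixed-content' : 'no-https',
        severity: ACTIVE_TYPES.has(r.type) ? 'high' : 'medium',
      });
      continue; // no TLS session to inspect on a plaintext request
    }
    if (OLD_PROTOCOLS.has(r.tlsVersion)) {
      findings.push({ url: r.url, issue: 'old-tls-version', detail: r.tlsVersion, severity: 'high' });
    }
    // Handles both OpenSSL-style (RC4-SHA) and IANA-style (TLS_..._RC4_...) names.
    const tokens = String(r.cipher || '').toUpperCase().split(/[-_]/);
    if (tokens.some((t) => WEAK_CIPHER_TOKENS.has(t))) {
      findings.push({ url: r.url, issue: 'weak-cipher', detail: r.cipher, severity: 'high' });
    }
  }
  return { compliant: findings.length === 0, findings };
}

// Constructed sample: one clean document and three problem sub-resources.
const CREATIVE = 'https://ads.example/creative.html';
const SAMPLE_CHAIN = [
  { url: CREATIVE, type: 'document', initiator: null,
    tlsVersion: 'TLSv1.3', cipher: 'TLS_AES_128_GCM_SHA256' },
  { url: 'http://cdn.example/banner.js', type: 'script', initiator: CREATIVE },
  { url: 'https://img.example/banner.png', type: 'image', initiator: CREATIVE,
    tlsVersion: 'TLSv1', cipher: 'ECDHE-RSA-AES128-SHA' },
  { url: 'https://track.example/p.gif', type: 'image', initiator: CREATIVE,
    tlsVersion: 'TLSv1.2', cipher: 'RC4-SHA' },
];

console.log(auditResourceChain(SAMPLE_CHAIN));
```

A single flagged record is enough to make the whole ad non-compliant, which matches the "at least one unsecured item" wording of the definition.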

Top 5 most scary User Security violations for end users

Taking a deeper dive into AdSecure’s detection data, there is a selection of violations that are perhaps the scariest to happen to an end user on their mobile device. In Q1 there were no detections found for Ransomware, perhaps the one violation that brings the most fear for end users, by blocking their device and files unless a ransom is paid. But this did not stop Cybercriminals attempting to exploit end users with the following user security violations:

Browser Locker 42.3%: This violation disables any form of action that can close the browser. In a better scenario, advertisers force users to accept Push Notifications in the browser, otherwise it will loop the users in the browser. In a worse scenario, all attempts to close the browser will result in a warning message box appearing. The purpose of browser lockers is not only to scare but also to create the illusion that the mobile device has been locked. What's happened is that the browser is stuck in between a flurry of alert dialogs that won't seem to go away, no matter how many times they are clicked on.

Drive by Cryptomining 31%: Cybercriminals hijack the end user's mobile device to use its processor to secretly mine for cryptocurrency for the Cybercriminal. Also called Cryptojacking, the end user has no idea their device has been hijacked.

Unwanted Programs 14.5%: This violation downloads unwanted software on the end user's mobile device via an executable file or mobile application. Programs could be malware, fake antivirus software, etc.

Scareware 7.1%: These are ads claiming that the end user’s mobile device is infected with a virus and that the end user needs an antivirus software, which may, ironically, actually contain a virus that could harm the mobile device, causing costly repairs or, even worse, lead to identity theft. Scammers often use the names of well-known companies that specialize in software to gain end user trust. The Scareware pop-up advertisements aim to mimic genuine warning alerts generated by security software.

Phishing 5.1%: After clicking on an ad the end user is sent to a phishing site which aims to trick the end user into revealing their personal information (for example, passwords, phone numbers, or credit cards). The content pretends to act, or looks and feels, like a trusted entity — for example, a browser, operating system, bank, or government.

How do Cybercriminals attack mobile users? User Experience violations

User Experience violations damage the end user experience on how they interact with ads served on a publisher site. Here are the top 5 User Experience violations AdSecure detected in Q1 on mobile:

Landing Page Error 44.2%: This is when an end user receives an alert when the system identifies a broken/dead link (404 Error, 5xx, timeouts, etc.) on the ad’s landing page or when a broken link is identified in the path (intermediate redirect links inside the chain) between the click URL and the landing page. 

Back Button Hijack 24.6%: Back Button Hijacking is an ad security threat which manipulates the end user’s browser history, keeping them stuck on a certain page by inserting one or several redirects in their browser history, to then forward them back to that specific page. This abusive behavior of hijacking a user's browsing history has been considered a violation by Google Advertising Policies.

Javascript Dialog On Entry 15.9%: A Javascript alert that pops up without user interaction on entering a website.

Permission Notification 10.3%: This violation attempts to ask the end user for permission to send notifications to them.

Auto Redirect 5%: Ads that contain a script causing a mobile web page to break out of any frames "framing" it, resulting in automatically redirecting the visitor to another potentially malicious website/page.
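Back Button Hijack, Auto Vibrate, Auto Pops, JavaScript Dialog On Entry and Permission Notification, as described on this page, all come down to a browser API being called with no user interaction, which a scanner can observe by wrapping those APIs before the creative runs. This JavaScript is an added example, not AdSecure's detection logic; the violation labels, the fake window and the sample creative are constructed, and it assumes the browser exposes `navigator.userActivation`.

```javascript
'use strict';

// Wrap the APIs named on this page and log each call together with
// whether the browser reported a user gesture when it happened.
function monitorAdWindow(win) {
  const events = [];
  const hasGesture = () =>
    Boolean(win.navigator.userActivation && win.navigator.userActivation.isActive);
  const wrap = (owner, api, violation) => {
    if (!owner || typeof owner[api] !== 'function') return;
    const original = owner[api];
    owner[api] = (...args) => {
      events.push({ violation, api, userGesture: hasGesture() });
      return original.apply(owner, args); // keep the page behaving normally
    };
  };
  wrap(win.history, 'pushState', 'back-button-hijack');
  wrap(win.navigator, 'vibrate', 'auto-vibrate');
  wrap(win, 'open', 'auto-pop');
  wrap(win, 'alert', 'javascript-dialog-on-entry');
  wrap(win.Notification, 'requestPermission', 'permission-notification');
  return events;
}

// Count only calls made with no user gesture: those are the ones the
// violation descriptions call "automatic" or "without user interaction".
function countViolations(events) {
  const counts = {};
  for (const e of events) {
    if (!e.userGesture) counts[e.violation] = (counts[e.violation] || 0) + 1;
  }
  return counts;
}

// Constructed stand-in for a browser window so the example runs in Node.
function makeFakeWindow() {
  const win = {
    entries: [],
    popups: [],
    navigator: { userActivation: { isActive: false }, vibrate: () => true },
    open: (url) => { win.popups.push(url); return {}; },
    alert: () => undefined,
    Notification: { requestPermission: () => Promise.resolve('default') },
  };
  win.history = { pushState: (state, title, url) => { win.entries.push(url); } };
  return win;
}

// Constructed creative behaviour: two history entries and a vibration on
// load, then a pop that follows a real click.
function runSampleCreative(win) {
  win.history.pushState({}, '', '/a');
  win.history.pushState({}, '', '/b');
  win.navigator.vibrate(200);
  win.navigator.userActivation.isActive = true; // the user clicks
  win.open('https://shop.example/offer');
}

function scanSample() {
  const win = makeFakeWindow();
  const events = monitorAdWindow(win);
  runSampleCreative(win);
  return { counts: countViolations(events), entries: win.entries, popups: win.popups };
}

console.log(scanSample().counts);
```

The pop that follows the click is logged but not counted, which is the distinction between an ordinary click-through and an Auto Pop.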

How do Cybercriminals attack mobile users? User Advisory violations

User Advisory violations can provide a poor user experience, driving end users away from websites. This affects the traffic quality of websites and also trust in the websites' ads. The top 5 User Advisory violations AdSecure detected in Q1 are as follows:

Threat Intelligence 34.6%: This detection is based on AdSecure’s Threat Intelligence service and reports if the URL was flagged for a violation in any AdSecure analysis in the previous 30 days.

Unsafe adult content 32.5%: This violation shows ads to end users that contain ad creatives featuring adult content which may contain elements such as nudity, pornographic images or cartoons, or sexual activities. Publisher sites do not want to show ad creatives featuring pornography to end users, unless it is an adult website. It is also potentially harmful for children to be exposed to these ads.

Suspicious TLD 23.1%: Free or suspicious top-level domains are frequently used by Cybercriminals who are setting up hosts for spam emailing, scams, shady software downloads, malware distribution, botnet operations and "phishing" attacks, or other suspicious content. 

IAB Standards 8.1%: The IAB Standards measure the performance of ads against the IAB Industry standards to stay Google compliant. More on this in our next section.

Crypto ad 1.7%: As cryptocurrency advertising has been regulated by more and more countries, this AdSecure detection identifies misleading or non-compliant cryptocurrency promotions. 

IAB Standards and mobile advertising

AdSecure’s IAB Standards detections are crucial to ensure that ad networks and publishers are serving ads that meet the online advertising industry standards set by the Interactive Advertising Bureau (IAB). This can mean the optimal weight of an ad served, serving pixelated or squished ad creative images, etc. If an end user sees a squashed ad image for example, they are unlikely to click on the ad. Not only does this affect the professional image of the publisher's site that is serving the ad, but also the ad network that is supplying the demand.

In total, 4.24% of all ads targeting mobile devices scanned by AdSecure in Q1 2023 showed that the ads did not meet the IAB industry standards. That's 1 in every 23 ads on mobile. Of the four IAB Standards AdSecure scans and detects, here are the percentages of each detection in Q1 2023:

[Figure: IAB Standards detections on mobile, Q1 2023]

Two particularly important IAB Standards are the Ad Dimensions and Ad Weight detections. For example, the mobile screen is small and therefore the ad creatives dimensions need to fit into the standard mobile ad format sizes for an optimal end user ad experience. Secondly, 53% of mobile users abandon a site if it is slow to load, and Google penalizes websites that load too slowly. If the website is serving heavier than the industry standard ad weights, this will slow down a mobile device, which could lead to Google rankings for the website being affected. 

Malvertising on mobile, the conclusion

According to Statista, in 2022, mobile advertising spend worldwide was estimated to be worth 336 billion US dollars. By 2023, the mobile advertising market is expected to grow to 362 billion US dollars, a growth of 7.73%. With such a high market value, mobile advertising is the biggest growth sector for ad networks and publishers to monetize. With this huge volume it is easy to see how and why Cybercriminals attack mobile users: they use various tactics to secretly inject malicious advertising campaigns into the ad supply chain. This is highly damaging for ad networks and publishers, not to mention the end user who ends up becoming a victim. As mobiles are now core to everyone's existence, if a Cybercriminal succeeds in infecting or taking over a mobile device, the effects can be devastating for the end user.

Now you can see how Cybercriminals attacked mobile users. So how do you protect mobile ads? AdSecure offers 360 degree monitoring and protection for your ad supply chain by automating your ad verification process before ad campaigns go live & while they are running. Why not start a free 14 day trial and find out how AdSecure can protect your business from Cybercriminals.