Unveiling our latest detection - Blacklisted URL

As part of our mission to build a safer digital world, this week we are pleased to roll out our newest security detection, which plugs into a multitude of web and antivirus blacklists to provide deeper insight into the security -- or lack thereof -- of every URL in a given ad redirection chain.

Continue reading

Traffic Factory & AdSecure come together to protect users from digital risk

Dublin, 13 May 2019. AdSecure has formed a new partnership with global ad network Traffic Factory to be their ad security technology provider and drive the continued safety of their network.

AdSecure's innovative technology will scan ad campaigns for suspicious activity before they launch on Traffic Factory's network and then further analyse those campaigns while they are live. Suspicious activity can range from quality issues that damage the user experience, such as auto-redirects, back button hijacks, and auto-downloads, to harmful user security threats like malware, browser lockers, phishing URLs, and ransomware. AdSecure will provide constant detection and notification for these and many other digital threats for Traffic Factory, allowing them to immediately halt the offending campaigns and take the appropriate action to maintain user security and provide an amazing experience, every time.

Takanori Kanto, Sales Director at Traffic Factory commented, "It is with great pleasure that we announce our official partnership with AdSecure, a disruptive new force within the field of ad verification and the fight against malvertising. This collaboration will continue to ensure that our network is 100% secure for both publishers on our network and of course, their end users."

Bryan Taylor, Sales Manager at AdSecure added, "We are delighted to come together with Traffic Factory to launch this great new partnership. Traffic Factory serve over 6 billion daily impressions, and the integration of our ad security solution on Traffic Factory's network ensures that we can work together to protect millions of internet users from today's most modern and pernicious digital threats, and solidify the security of the ads served to Traffic Factory's premium quality traffic sources.

AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain. To find out how AdSecure can provide protection for your online business visit www.adsecure.com

TrafficFactory is a global provider of high quality traffic. We've harnessed the most up-to-date, accurate Geo-targeting technology , and combined with our Real-Time Bidding model, our clients get the high quality traffic they deserve at a price they can feel good about. To learn more, please visit the site www.trafficfactory.com

For further press information

Contact press@adsecure.com

EXOGROUP ramps up its investment in AdSecure

Barcelona, 12 March 2019. EXOGROUP, the digital technology enterprise business group, today announced it is making a further significant investment in its online ad verification technology company AdSecure. AdSecure was launched in 2017 to provide ad networks and publishers with ad scanning technology to ensure safe, compliant and malware free ad delivery.

EXOGROUP's further investment of 1 million euros will be used to build more features for the AdSecure platform, grow the existing team and invest in marketing and sales strategies to continue to grow AdSecure's business.

EXOGROUP's CEO and Founder Benjamin Fonzé commented, "Ad networks and Publishers face many challenges in today's market. It is of paramount importance that the end user is protected from cybercriminal activity. AdSecure is constantly developing new AI technologies that intercept any suspicious activity hidden deep within online ad formats, be it in the creatives, ad formats or advertiser landing pages."

"The impact of malicious attacks on end users can have negative effects on business growth, profit and customer confidence. It's important that businesses have the tools available to stop end users being exploited by unscrupulous people who are looking for any opportunity to steal or misuse personal and confidential information as well as hijacking a users devices for malicious means."

"85% of Internet users prefer an ad-supported free Internet therefore it is the duty of all platforms to ensure that those users are fully protected. Our further investment in AdSecure is EXOGROUPs commitment to keeping the internet safe for all users."

AdSecure currently offers a comprehensive range of features that ad networks and publishers can utilise including:

Intelligent Scanning: Crawler technology that automatically scans ad tags, smart links, landing pages, programmatic RTB campaigns and native ads.

Fully automated platform: Easy integration with our powerful API.

Robust detection: Ensuring ads are compliant with client guidelines with extensive detection coverage.

Multi-targeting: Protection from cloaking practices and using behavioral targeting techniques, checking from multiple browsers, devices and locations including residential and mobile carrier IPs to ensure compliant ad delivery and advertiser landing pages.

Instant detection notifications: Whenever a violation is detected, AdSecure generates real-time notification alerts via a callback url or email. The notification provides advanced reports with forensic grade information and detail.

Spy tool: Access every single report, regardless of the detection outcome, allowing a deeper level of forensic analysis thanks to the complete ad redirection chain provided.

AdSecure intelligence: Real-time response feature applied to AdSecure's historical dataset allowing malicious domain blocking.

Ad performance: Monitor the horsepower of ads to stop SEO penalisation from slow ads, and regain control of website performance

AdSecure introduces dedicated Suspicious TLD Detection

AdSecure is committed to providing our partners with a higher level of transparency, choice, and control when evaluating the health and security of their digital supply chain and eliminating malicious digital threats. This is why we are very pleased to announce the launch of a new, dedicated detection option: Suspicious TLD (Top-level domain).

Top-level domains (TLDs)  — such as .com, .org, and .edu — are the most prominent domains on the internet, and we have all spent time on a .com domain. You're reading this on one right now.

While domain names are a key aspect of building a strong online identity, they can also be targeted for abuse by cybercriminals looking to set up hosts for a plethora of dangerous schemes. Spamming, scamming, phishing attacks, malware distribution, and other suspicious activity can often be found lurking on sites with TLDs that look somewhat… unusual.

Enter the Suspicious TLD – top level domains far less familiar to everyday internet users, and frequently weaponized by online scam-artists and threat actors for profit.

Suspicious TLDs — domains ending with things like .xyz, .gq, .country, .stream, — are popular with cybercriminals because they are usually cheaper to obtain than more universally recognised TLDs. This allows the bad guys to register a chain of highly similar top-level domains (like abcd1.xyz, abcd2.xyz, abcd3.xyz) and spread their malicious attacks continuously. When one domain is flagged and shut down, just move your attack to the next one.

Despite the brief lifespan of a Suspicious TLD, their potential impact on the digital ecosystem can ripple far and wide. These domains also pose a unique challenge for dealing with them, because while many have malicious activity lying in wait, many are perfectly clean.

As AdSecure's Technical Director, Pierre Brouca, points out "the issue with a suspicious domain, like .xyz is that there can be completely safe activity on some, while others are definitely being used to spread malware, or a phishing attack. You also have cases like .xin, which in certain regions will definitely be a suspicious domain, but in China, will be a common TLD used legitimately. Being able to understand not only that the domain is suspicious, but that it also has a serious violation attached to it, makes ad delivery more efficient, saving both time and money for our partners."


The paradoxical nature of these TLDs has led other ad verification providers to group them all in the same violation bucket as malware, even when the ad is legitimately harmless. This lack of clarity leads to ads being halted without cause, a loss of time and money tackling a non-issue, and potential friction between publishers and advertisers.

AdSecure brings a clear, precise approach to this challenge by introducing a completely separate, fully dedicated violation classification for "Suspicious TLD". This gives our partners a transparent view of both the suspicious domain and what might — or might not — be lurking within, as our scan reports will also flag separately each additional violation attached to the ad campaign.

With a complete view of what's really happening within Suspicious TLDs, choice and control over how to proceed is returned, and our partners can confidently take the action that is best for their business.

AdSecure's new dedicated detection for Suspicious TLD will be available to all partners as of the 31st of January. To learn more, click here

3 trending ad compliance problems in 2019… and how to solve them

Within the digital advertising ecosystem the challenge of securing ad creatives against malicious threats has historically taken a back seat to the bigger, "louder" problem of ad fraud. The impact invalid traffic has on the digital supply chain is often easier for stakeholders to get their heads around, leaving malvertising as a "quiet" problem that has allowed threat actors to fly under the radar and profit from the ensuing damage.

In 2015 an IAB report found an overall US$1.1 billion cost impact on digital advertising from malvertising attacks. Despite being less immediately visible, the problem of creative compliance is not new, and since 2015 attacks have scaled in lockstep with the digital ad ecosystem.

That's the bad news. The good news is that awareness of the problem – and the resolve to fight it – has also grown. The quiet problem is finding its voice.

With programmatic exchanges making creative compliance a key pillar of their programmatic principles, and Google taking a near zero tolerance approach to abusive ads with the launch of Chrome 71, the focus on delivering clean, compliant creatives has sharpened dramatically. For publishers — and the networks and exchanges they partner with — the cost of inaction will soon become too high to ignore.

AdSecure has identified 3 problems that we expect to trend throughout 2019 and the best solutions to face them head on, and win.

Programmatic & Mobile ad spend: threat actors follow the money

The Problem:

The rise of programmatic ad spend continued throughout 2018, and in 2019 an estimated 65% of all money spent on digital ads will be traded programmatically. Advertisers will spend US$84 billion on programmatic advertising this year, and by 2020 the total is expected to rise to US$98 billion. The money flowing programmatically is massive, and there's one certainty when discussing malicious activity: follow the money.

More money, more malicious problems. Everything swells in programmatic, creating an ideal breeding ground for dangerous attacks. With publishers losing visibility and control over exactly who is buying traffic, the question of facing malicious activity becomes a matter of when, rather than if.

Similarly, mobile ad spend comprised a staggering 75% of all digital ad spending in 2018, and that growth will continue in 2019. The amount of money involved in mobile advertising is like catnip for criminals. In November 2018, a malware campaign targeting iOS devices managed to hijack an astounding 300 million browser sessions within 48 hours. The culprit behind that attack is still active today.

The AdSecure Solution:

For publishers, negating the damage wrought by malvertising attacks on programmatic campaigns means taking back control to protect both visitors and the revenue streams that fuel the creation of new, engaging content. Trusted partners that embrace the need for transparency and a commitment to delivering clean, malware free programmatic campaigns are a must.

Working with partners who collaborate with dedicated ad verification vendors capable of scanning programmatic campaigns to detect malicious attacks is the best solution. Should ad networks and exchanges not show a willingness to provide that solution, publishers can take on a dedicated service directly, and possibly reconsider their future partner relationships.

With the power mobile campaigns hold in today's digital advertising landscape, particularly those campaigns running on carrier networks, an anti-malvertising provider that enables their clients to scan campaigns across a global mobile carrier proxy network is key, as is being sure that you decide which campaigns are scanned using mobile carrier proxies, and the frequency. Control needs to be in your hands.

Ad Cloaking & IP Blacklisting: sleight of hand from cyber criminals

The Problem:

Threat actors are clever, and quite inventive when it comes to bypassing ad operations teams searching for bad ads. In order to avoid scrutiny, or risk their attack being stopped before the damage can be done, criminals often resort to ad cloaking via IP blacklisting. Once they have identified those IPs they want to avoid, they are added to a blacklist, which will then present the flagged IPs with a clean ad while the dangerous content creeps along to the intended target.

Some schemes go so far as blacklisting all standard datacentre proxies in a target location, making it difficult for a scanning solution that relies on these proxies alone to detect cloaked attacks. In this scenario, even a dedicated verification tool will be fooled into allowing dangerous attacks to slip through.

The AdSecure Solution:

What if you could take from cyber criminals their ability to know just which IPs to blacklist, but also nullify the benefits of blacklisting altogether? It's entirely possible with the right approach to proxy coverage. Scanning ad creatives using an intricate network of Residential IPs makes it virtually impossible for an attacker to determine which IPs to blacklist, while making it counterproductive to do so, as these IPs belong to the very users they are looking to target.

Ad cloaking is a growing concern for many ad networks looking to protect their reputations for clean ad delivery and instill confidence in their publishing partners, but with an innovative approach to proxy usage it's a concern that they can safely say they have covered.

Cryptojacking: a drain on (other people's) resources

The Problem:

Cryptojacking attacks exploit computer processing power to mine cryptocurrencies without the owner's consent or knowledge. It's a relatively new way for hackers to generate profit from malvertising, but it's definitely a growth enterprise. Last year over 34,000 sites were found running Coinhive, a javascript miner with both criminal and legitimate purposes.

Cryptojacking is growing because it's easy money and relatively simple to use, even for those low on tech savvy. Cryptojacking is seen as less risky and more profitable than ransomware as it continuously generates income. It is also far more difficult to uncover than ransomware, lowering the fear of being caught.

One way to implement a cryptojacking program is by injecting a script into a digital ad or website. Once a user visits the infected site, or encounters the ad carrying the cryptominer the script is executed, leaving the user blissfully unaware.

This differs from typical malvertising attacks as there is no obvious damage to the user. It does, however, put a massive drain on the CPU of the users device. For individuals this can be annoying, but for a large organisation infected by a cryptojacking script, the costs of detecting and resolving performance issues, or replacing equipment can have a detrimental impact.

The AdSecure Solution:

Scan your creatives early, and often. When looking at dedicated solutions for scanning ad campaigns and detecting suspicious behaviour, a tool that gives you the ability to scan in large volumes will be most effective in protecting users from falling victim to a cryptominer that kills their devices over time.

One final thought: The importance of transparency and trust in your ad tech partners

Digital is unique in that the seller of traffic is responsible for what appears on their site, so ultimately it's the publisher who gets the blame when something malicious is delivered to their visitors. That duty of care to the consumer means working with partners who understand the weight of that responsibility.

Transparency and trust are key in safeguarding users from harm. Partnering with compliance experts who bring a full spectrum approach to tackling malicious activity, and know that rather than holding control over protection tools and obscuring when they are used — and how often — it's through empowering clients to take back control of ad creative quality that will ultimately lead to the creation of a secure digital advertising ecosystem.

AdSecure provides creative security solutions that empower our partners to take back control and keep their ads safe. We provide solutions for programmatic & mobile campaign scanning, and robust protection against ad cloaking & IP blacklisting via our innovative residential proxy model. Click here to learn more.