AdSecure releases first security violations report for Q1 2019

AdSecure, the innovative digital security company that works with ad platforms and publishers to ensure a secure engaging online advertising experience for users, has released their security violations report for Q1 2019. AdSecure’s always online solution uses a crawler built around modern browser technology, analysing ad creatives to detect malicious threats, non-compliance and ad quality issues in real-time.

For this report AdSecure analysed more than 200,000 ad campaigns across multiple regions, devices, and browsers for our partners between 1st January to 31st March. These findings provide insights into cyber-criminal behaviour during Q1: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure’s detections revealed in order to stop and protect end users from malicious ads.

Top 10 GEOs with security violations

The percentages represent the 100% total of these top 10 GEOs. They are generally considered to be part of the tier 1 countries group, with the sometimes exception of Argentina. AdSecure’s product manager Mat Derval commented, “Affluent populations are prime targets for cyber criminals. These richer populations are more likely to buy fake security or fake repair software when being redirected to tech support scams as well as being targeted by malware distribution attacks such as the Emotet banking trojan.”

Top 5 GEOs violation breakdown

Drilling down further into the data, AdSecure performed a detailed analysis of the top 5 in order to rank the percentage of detected violations targeted at each country. We can see that Browser locker was by far the biggest violation from a volume perspective, with the only exception being Canada, where it came second to Malware attacks at 50%. Around a quarter of violations were Malware attacks in the USA & Belgium and Scareware being the second most detected violation in France, Argentina, and the USA.  

Browser lockers - the biggest current threat

With the prevalence of Browser locker detections in 8 out of the top 10 GEOs, AdSecure looked globally at which browsers cyber criminals used to target their Browser locker activity on desktop and mobile.

With 70% of detections coming from Google Chrome, Mat Derval commented, “To a cybercriminal it is all about volume and Google Chrome is indisputably the most popular browser. The criminal doesn’t know how long he can get away with the attacks, therefore the life cycle of the attack could be short, so by targeting the world’s biggest browser he can maximise the revenue of the malicious campaign by exposing it to as many end users as possible.”

In conclusion Mat Derval explained, “The biggest threat in Q1 2019 was clearly Browser lockers, including Push lockers, a new variation on this threat,  distributed by bad actors who exploit a flaw in the push notifications opt-in process. AdSecure was able to detect a massive amount of those attacks because our crawler is powered by modern browser technology, which is crucial in order to catch the latest versions or mutations of threats. We detected this new trend at the end of Q4 2018, and we were able to release a major update to our crawler at the beginning of Q1 2019 to protect our clients and partners.”

The key takeaways: using data to fight cyber-crime effectively

  • Follow the money, threat actors certainly do. Much like criminals flock toward the high spending we see within the programmatic and mobile ad marketplaces, targeting affluent nations where digital marketing budgets flow at an astounding pace (digital ad revenues surpassed $100 Billion in the US in 2018) is a no-brainer for a fraudster looking to make the most of an attack. Frequent, diligent scanning and analysis of your campaigns running within these affluent regions will help to greatly eliminate the most dangerous threats lurking within your ad inventory.
  • Everyone loves Google Chrome, including malvertisers. With Chrome being the dominant browser, the likelihood of an attack targeting Chrome users increases dramatically. When looking at how best to distribute the monitoring resources at your disposal, focusing on campaigns frequently viewed on Chrome is a great practice for mitigating attacks.
  • Modern threats require a modern solution. AdSecure was the first provider to identify the push locker mutation of the browser locker attack thanks to the modern tech powering our crawler. Working with modern solutions is key to uncovering every new threat before it can infect your ad delivery.
  • Analyse your campaigns, a lot. Attacks can infect the redirection path at any time during an active campaigns lifecycle, meaning that a creative you scanned right at launch can go from clean to dirty several days after launch. The best way to stay one step ahead is to scan the creatives for threats regularly, using a comprehensive approach that aims to keep threats out pre-flight, and once your campaign is up in the air.

Going Forward

This security violations report is the first of what will be an ongoing, quarterly analysis on the always evolving world of digital risk. In future we will compare current quarterly data with past reports to take a look at how digital ad attacks change over time, where improvements can be found Q on Q, and what new threats are rising in popularity. We look forward to providing both our partners, and all stakeholders within the digital advertising ecosystem, with insights that will help them build a safer digital world. For everyone.

 

About AdSecure

AdSecure provides constant detection and notification of security, compliance & quality issues within the digital ad supply chain.

 

Nearly 1.5 million phishing sites are created each month

One area of cyber crime that that has picked up dramatically over the last 12 months is phishing.  If you are not familiar with what phishing is, it is the art of tricking people in to handing over their credentials or access to protected systems. Phishing campaigns tend to be huge email blasts that contain either links or attachments. You click a link that takes you to a website that looks like your bank’s, and enter your credentials without thinking. Or in the case of a more sophisticated attack, you click a link or attachment which installs a piece of malware which compromises a system or network.

Verizon’s 2016 Data Breach Investigations Report carried out a study of 150,000 phishing emails and alarmingly, 30 percent of phishing messages were opened – up from 23 percent in the 2015 report – and 13 percent of those clicked to open the malicious attachment or nefarious link.

It seems that cyber criminals are on a major phishing expedition, with the latest figures from The Webroot Quarterly Threat Trends Report stating that 1.385 million new phishing sites are created each month.  May 2017 set a new monthly record with 2.3 million sites created.

The report also states that phishing sites are getting much harder to detect as they are becoming much more sophisticated.  They also found that these sites tend to stay up for a very short period of time: between four and eight hours. This enables the sites to avoid getting tracked or blacklisted. Even if the blacklists are updated hourly, they are generally 3–5 days out of date by the time they’re made available, by which time the sites in question may have already victimized users and disappeared.  The report also found that criminals are using company impersonations as one of their main techniques, posing as emails from Google, Chase, Dropbox, PayPal and Facebook being the biggest targets.