How AdSecure kept advertising safe in 2019

The holidays are almost here, 2019 is nearly done and dusted, and a new decade is on the horizon. Throughout the past year at AdSecure we encountered and identified unique, sophisticated new versions of those digital threats favoured by threat actors, and we delivered new levels of protection for popular ad formats to help our partners better understand the complete user journey and the associated risk. We also invested in our partners’ own user experience, releasing various UX additions and enhancements to ensure that quick, effective, and safe ad delivery has never been easier. 

At the heart of what we do is a commitment to ensuring publishers and their ad platform partners keep their ads safe for the users that engage with them. So as we say goodbye to 2019, and hello to 2020, let’s take a look back on what we did to detect every threat, protect every user, and keep every ad secure. 

New features added in 2019

Native ad protection

Native ads themselves look perfectly clean and harmless but potentially dangerous elements lurk underneath the surface when a user engages with a Native ad. Post click is where attacks can happen at multiple points throughout the redirection chain, therefore a crucial aspect of protecting against the corruption of Native ads is the ability to understand where a user is sent once they engage with a Native ad.

The risk of attacks via Native ads increases when factoring in the use of programmatic campaigns into the mix. The loss of direct control on the demand generated by programmatic can lead to rapid scaling of harmful activity by cyber criminals.

AdSecure’s feature is a 'new click option' which scans and analyses the entire redirection chain: from the Native widget display image through to the final ad's landing page. This process reveals a full understanding of what will happen to the user post click in order to stop any harmful activity from damaging their experience and their security. More info here.

Dedicated suspicious TLD detection

AdSecure brought a clear, precise approach to detecting domains ending with things like .xyz, .gq, .country, .stream, by introducing a completely separate, fully dedicated violation classification for "Suspicious TLD". Suspicious TLDs are popular with cybercriminals because they are usually cheaper to obtain than more universally recognised TLDs. This allows the bad guys to register a chain of highly similar top-level domains (like,, and spread their malicious attacks continuously. When one domain is flagged and shut down, just move your attack to the next one.

Despite the brief lifespan of a Suspicious TLD, their potential impact on the digital ecosystem can ripple far and wide. These domains also pose a unique challenge for dealing with them, because while many have malicious activity lying in wait, many are perfectly clean.

The paradoxical nature of these TLDs has led other ad verification providers to group them all in the same violation bucket as malware, even when the ad is legitimately harmless. This lack of clarity leads to ads being halted without cause, a loss of time and money tackling a non-issue, and potential friction between publishers and advertisers. Our Suspicious TLD Detection feature gives partners a transparent view of both the suspicious domain and what might — or might not — be lurking within, as our scan reports will also flag separately each additional violation attached to the ad campaign. More info here.

Search engine and date filter

This feature will help you to quickly find scans in your account, and it is a great new, user friendly option in addition to our existing available filters. Using the new search engine will enable you to perform searches by: 

  • Name
  • analysis ID 
  • URL submitted 
  • Locations
  • And devices

In addition to our new search field, we are also adding the ability to filter your analyses by date. To do so, simply click on the date filter and select the range of dates. More info here.

Blacklisted URL

Blacklists are commonly used to protect computer systems and infrastructures against online threats such as phishing, malware or webspam. These lists are principally curated and maintained by search engines, antivirus authorities and security organizations. These lists include information about the abusive URLs or IPs and the type of violations that can be lying in wait. 

AdSecure's Blacklisted URL detection brings these lists together to provide a one stop, comprehensive database for our users. Currently our Blacklisted URL detection features the following list of authorities:

  • Norton Safe Web
  • Google Safe Browsing
  • McAfee
  • Sucuri Labs
  • ESET
  • PhishTank
  • Yandex
  • Opera
  • Spamhaus

This feature provides a greater level of valuable information to protect users from phishing attacks, malware, unwanted software, web spam and social engineering across desktop and mobile platforms. More info here.

Security violation trends during 2019

We detected a new digital threat: Push Lockers. As push notification ads grew in popularity, a new threat to user security that capitalises on the push notification flow itself arrived: push lockers. Modern threats require a modern solution and  AdSecure was the first provider to identify this push locker mutation of the browser locker attack thanks to the modern tech powering our crawler. Working with modern solutions is key to uncovering every new threat before it can infect your ad delivery. Between February and March AdSecure saw a 563% increase in the detection of browser locker attacks. AdSecure’s Bryan Taylor explained all about this new threat to Publishing Executive readers in his article How Push Notifications Are Exposing Readers to a New Breed of Cyber Attack

We released three quarterly security violation reports this year (our Q4 report will follow in January 2020) revealing malvertising and cyber criminal trends, key takeaways included:

Q1 2019

  • Tier 1 GEOs were prime targets for attacks
  • Chrome was the bad actors prefered browser  
  • Push lockers were discovered and intercepted by AdSecure

Q2 2019

Comparing Q1 to Q2, detections revealed:

  • Adware attacks increased by 4854% 
  • Scareware attacks increased by 727%
  • Phishing showed an increase of 71%

Q3 2019

  • 1 out of every 250 scans carried out by AdSecure revealing some type of Malware during Q3
  • Cyber criminals do not take holidays as we investigated security violations targeted at holidaymakers in Europe throughout July & August holiday season.

We want to take this opportunity to thank all of our clients for the confidence and trust they put in us to be their digital ad security partners, and we look forward to continuing to innovate and bring even more sophisticated, powerful new features to our platform in 2020, in support of our common goal: building a safer digital world. For everyone.

Recommended Posts