• All Articles

How to stop the 4 most dangerous Ad Security threats in 2024

By Anna

March 26, 2024

image

A few weeks ago we published our latest edition of AdSecure’s Violations Report with MarTech. And, according to our scans run on client campaigns for the year, User Security Violations increased by 40.6% from 2022 to 2023! To help you keep your end users and online business safe, we continue giving you useful insights into Malvertising activity; on this occasion, we analyze the top 4 Ad Security Violation increases detected from 2022 to 2023, putting them under the magnifying glass to help you understand how they act, and how to stop them. Continue reading to find out how to stop the 4 most dangerous Ad Security threats in 2024:

Top 4 Ad Security Violation increases detected from 2022 to 2023

Violations detected within the User Security category are potentially the most frightening ones, taking up 28.3% of all detections among all Violation categories in 2023 (Namely, User Security, User Experience and User Advisory and IAB Standards)! User Security Violations directly impair the end user’s online safety by stealing their data, hijacking their devices and exploiting their finances. It is key for both Publishers and Ad Networks alike to be mindful of them in order to protect end users browsing ad content on Publisher websites; bear in mind, ad quality and security violations can seriously impair the Publisher's brand reputation as well as that of the Ad Network serving the ads! So it is in the best interest of all stakeholders to promote a safe and pleasant online browsing experience. Let’s take a look at these detections and learn how to stop the 4 most dangerous Ad Security threats in 2024:

Unwanted-programs-webrisk increased by 3362.39%: How Unwanted-programs exploit end user data

Unwanted-programs dupe end users into installing malicious programs using ads posing as legitimate software with the end goal of selling end user data and showing them intrusive advertising. Here’s how Unwanted-programs exploit end user data:

#1 Inserted in add-ons and legitimate programs bundles: A popular method used by unwanted-programs is to insert itself in browser add-ons and infiltrate in bundles that contain legitimate software installs. Often these additional programs are optional but selected by default, resulting in end users unintentionally installing them.

#2 Collecting end user data: Once installed, this malicious software monitors and harvests the end user’s online activity in order to sell navigation habits data to third party Malvertisers for targeted behavioral illegitimate advertising. 

#3 Increasing the Malvertiser’s revenues: The Malvertiser selling end user data obviously gets an immediate monetary reward. The malicious developer behind the code inserted in the installed malicious software, which causes intrusive pop ups, notifications, and other unwanted ads, also earns revenues based on end user impressions.

#4 More intrusive malicious ads: The third party Malvertisers buying end user data aren’t satisfied with displaying malicious advertising alone, but also modify browser settings (disabling pop blockers, for instance) to display bigger volumes of ads, heavily impairing end user’s device functionality as well as browsing experience.

Ssl-non-compliant increased by 93.31% : How Ssl-non-compliant decrypts end user data

Ssl-non-compliant ads are corrupted ads that contain unsecured items in their resource chain such as landing page links, which can cause security issues. This violation is in most cases flagged after a misplaced or badly secured item in the resource chain. However, when done deliberately, Ssl-non-compliant is a MITM (man-in-the-middle) attack designed to steal and alter sensitive end user information. Here's how Ssl-non-compliant decrypts end user data:

#1 HTTPS spoofing: It sends a fake certificate to the end user’s browser once the initial connection request to a secure site is made. When the end browser verifies it the attacker is able to access any data entered by the unassuming end user.

#2 Browser exploit against SSL/TLS (BEAST): The end user’s device is infected with malicious JavaScript that intercepts encrypted cookies sent by a web app. The app’s CBC is then compromised in order to decrypt cookies and view user information.

#3 SSL hijack: The Malvertiser sends fake authentication keys to both the end user and the web app during a TCP handshake. Which poses as a secure connection when, in fact, the malvertiser is in full control. 

#4 SSL stripping: The HTTPS connection is compromised into HTTP by intercepting the TLS authentication sent from the web app. The Malicious advertiser then sends an unencrypted version of the application to the end user, making the entire session visible to the Malvertiser.

Browser-locker increased by 82.78%: How Browser-locker tricks the end user into paying ransom

Another important detection when learning how to stop the 4 most dangerous Ad Security threats in 2024, this violation disables the end user’s ability to use browser functions, forcing them to either change browser settings (For instance, enable Push Notifications), or pay a ransom in order to release the lock. Any action to close the browser, for instance clicking the close button or pressing shortcut keys, will end up in a warning Javascript message showing a fake reason to ask them to pay in order to unlock their device. Here's how Browser-locker tricks the end user into paying ransom:

#1 Claiming the end user is in trouble: Scaring the end user by claiming that their device has been locked by law enforcement due to detected illegal activity, such as viewing prohibited content. 

#2 Threats to delete personal data: Claiming that the user’s files are encrypted and will be deleted if they don’t pay a ransom. Can be made extra scary by sending a ransom note with an image of the end user using their device’s camera.

#3 Simulating device locking: The Malvertiser could open a browser window in full-screen mode, hiding the cursor and disabling commands. And then ask for a ransom, or even to download malicious software.

#4 Fully locking the end user’s device: The Malvertiser could change the end user’s password and even modify critical system elements, disabling a full reboot and making it impossible to unlock the device without losing data.

Scareware increased by 40.47%: Ways to detect Scareware for end users

Last but certainly not least of top 4 Ad Security Violation increases detected from 2022 to 2023, and potentially the scariest violation yet, Scareware claims that the end user’s device has been infected, using the name of a well-known Antivirus software to gain trust, to then prompt them to pay for fake antivirus software and steal banking information and, ironically, potentially downloading actual viruses! Here  are some ways to detect Scareware for end users:

#1 Scare tactics are at play: Real Antivirus software will never use fear-based alerts to advertise or to prompt end users to deal with a real threat on their devices. If it looks too threatening, it is probably fake. 

#2 An upgrade request is presented: The program tries to manipulate users into upgrading to a better, paid version of their software in order to avoid the end user’s device becoming infected.

#3 The alerts are browser pop-up messages: A real Antivirus will never send messages in a web browser. So, chances are that a Pop-up window notification on your browser is not a real notification.

#4 The end user cannot find a real website: If there is no real website behind the ad or error messages appear when trying to verify the source, it is probably fake.

Now that you have learned about the top 4 Ad Security Violation increases detected from 2022 to 2023, let's find out how to stop the 4 most dangerous Ad Security threats in 2024. 

Conclusion: How to avoid and stop User Security threats

If you are an Ad Network or a website serving ads, it is your sole responsibility to protect your end users against potential threats lurking within these ads. So, here's how to stop the 4 most dangerous Ad Security threats in 2024: With Adsecure, you can monitor your ad campaigns pre and post launch to make sure that your ad supply chain is clean at all times. Block threats, reject or suspend malicious ads all form one single platform to avoid a negative or dangerous online experience and keep all parties safe, including you, your clients, and your brand reputation. Contact us now to learn more on how to avoid and stop User Security threats!

Blog