To show the extent to which end users and ad serving platforms are at risk from cybercriminals' malicious ad campaigns affecting ad security and ad quality, here is AdSecure's Violations Report for Q1 & Q2 of 2022. AdSecure analyzed over 100 million scans between 1st January and 30th June 2022. These findings provide insights into cybercriminal behavior during Q1 & Q2: What were their malicious weapons of choice? In what GEOs were Malvertising trends located? What did AdSecure’s detections reveal in order to stop malicious ads and protect end users?
"Malicious ad campaigns overview: 1 in 5 scans reveal 1 violation, and 1 in 80 scans reveal more than 4 violations detected."
- 21.19% of scans detected 1 violation
- 6.6% of scans detected 2 violations
- 3.5% of scans detected 3 violations
- 1.26% of scans detected 4 or more violations
Insight: Combining several different violations in one ad campaign allows Malvertisers to be much more effective in their exploitation attempts. A common tactic is a chain of different violations spread across the ad creative, the landing page, the URL, the redirection path/chain and hidden code within iframes. Their hope is that even if one or two violations get discovered, others can still slip through undetected.
“27.5% of scans detected User Security violations.”
Compared to Q4 2021, many user security violations have shown significant increases in Q1 2022. The violations include:
- Phishing URL +178.46%
- Malware +174.67%
- Browser Locker +165.57%
- Malicious URL +41.84%
The most common detection within User Security has been Malicious URLs, representing 86.2% of violations within this category; violations between Q1 & Q2 maintained similar numbers. Malvertisers use Malicious URLs to direct users to non-compliant or dangerous sites to steal their personal and sensitive information such as logins or bank information, or to trick them into downloading malware, which can lead to serious consequences for the user’s security.
User security trends in detail:
We looked at 4 of the most alarming security violations for end users in Q1 & Q2. These are categorized as alarming because they can compromise the end user's device and also force the end user to part with private data. Non-internet savvy end users can get really freaked out by these violations inserted into malicious ad campaigns.
- 1st place was Browser Locker, which amounts to 43.7% of violations within the category. Although this violation has shown a 49.4% decrease from Q1 to Q2, it is still very popular with Malvertisers in the first half of 2022.
- 2nd place was Crypto Currency Miner, with a 36.1% share. Comparing Q1 to Q2, from April-June there were 70% fewer violations detected.
- 3rd place was Phishing, amounting to 14.3% of the most alarming security violations, with an increase of 37% in Q2 compared to Q1.
- 4th in this group is Scareware representing 5.9% of the share. This violation also saw a decrease of 42.2% from Q1 to Q2.
Top 4 GEOs for malicious ad campaigns using Scareware Q1 & Q2:
- The US is the country with by far the most Scareware detections. Cybercriminals seem to be compelled to use this attack in the US because it is a rich country. Although it is one of the top countries for cybersecurity, it is also one of the countries where end users are more concerned about their security being compromised. India, Brazil and Bangladesh are poorer countries that rely more on mobile devices to connect to the internet. This can lead to easier infections from viruses, malware and scareware, because cyber security for mobile devices isn’t as strong as on desktop solutions.
Top 5 GEOs for malicious ad campaigns using Browser Locker in Q1 & Q2:
- The majority of the top GEOs for Browser Locker detections are T3 countries located in Asia, where users tend to have access to older devices with poor security tools that aren’t necessarily up to date.
- India has an average of 42% more Browser Locker detections than the US in Q1 and Q2, which was in 9th position for GEOs.
- Thailand has an average of 63% more Browser Locker detections than Mexico in Q1 & Q2, which was in 8th position for GEOs.
More User Security Insights:
- Although relatively low volumes compared to other security violations, Adware attacks were on the increase from Q1 to Q2, by a huge 133%.
- Malware was slightly down by 19% due to cyber criminals possibly switching to Adware to continue with their fraudulent activities.
“24.4% of scans detected User Experience violations.”
User Experience violations directly affect the end user with annoying or malicious activity within ad campaigns. AdSecure saw a 20% decrease in User Experience violations when comparing Q1 with Q2 2022.
2 User Experience trends in detail:
- Pop-up detections have increased by 7.5%. Pop-ups are a riskier ad format, since cybercriminals can inject malicious code into the format. Some Pop-ups automatically trigger on the user’s screen, sometimes even downloading malicious software without user interaction.
- Permission-Geolocation has seen an increase of 144%. This is where once an end user has clicked on an ad, a pop-up asks the end user for access to the location of their device. Malvertisers use this method for extreme GEO targeting of further fraudulent tactics such as targeted malvertising campaigns posing as ads localized to the end user. This violation can also exploit the end user's personal data stored in their browser.
Insights: It is worth noting that Ads that request location details from users, such as Permission-Geolocation, for the sole purpose of advertising, are not accepted by Google’s Personal and Sensitive Information Policy, and also contribute to a bad user experience.
“42.5% of scans detected User Advisory violations.”
User Advisory Detections are violations to be cautious of, as they could indicate offensive material not suitable for all users, the potential for suspicious or fraudulent activity or not being aligned with advertising industry standards set by the IAB. Here are the top 4 detections broken down as percentages:
32.3% of scans detected Non-safe adult content
Non-safe adult content shows unrequested offensive material to the end user, no matter their age. It may contain elements showing explicit nudity or sexual activities. AdSecure's Violations Report found that 32.3% of scans in this category detected adult content in ad creatives. Currently several countries including the UK, Australia, Germany, France and Ireland are developing age restriction laws for online content so that users under 18 are not exposed to this sort of content. Now more than ever, it is imperative for publisher sites that receive traffic from all age groups to block ads that promote explicit content. AdSecure's Ads Classification tool is used to identify creatives that feature NSFW and Non-safe adult content.
Insight: AdSecure detected ads with adult content exposed to audiences in three countries in Asia where adult content is illegal. These countries have different means to censor or punish exposure of this kind of content. In South Korea, for example, all adult content is blocked and redirected to warning message landing pages. A publisher could be prosecuted and even sentenced to prison for up to 3 years, or pay fines of up to 3 million Won (US$2,600) for promoting this kind of content. China also punishes this kind of content: In 2010, Chinese authorities shut down 60,000 pornographic websites and arrested almost 5,000 suspects. And the censorship continues to this day. Equally, adult content is banned in Thailand. Using AdSecure’s Non-Safe adult content detection to scan campaigns for adult content in GEOs where it is illegal could protect publishers from possible prosecution.
Almost 1 in 50 detections are IAB Standards Violations
AdSecure has an IAB Standards detection tool that scans ads to verify that they are aligned with IAB recommendations and abide by industry standards. There are 4 IAB detections that AdSecure scans for; here you can see the violations percentage split for Q1 & Q2:
By far the largest violation detected was IAB Ad Dimensions at 55.1%. This detection scans for the correct pixel x pixel size; otherwise the ad creative will appear squashed when displayed. A squashed ad on a publisher's website looks bad for user experience, and fewer or no clicks are likely on the ad zone, affecting the publisher's revenues. Just to note, comparing Q1 to Q2 there was a 44% increase in discovering bad ad dimensions. While IAB Ad Compression and IAB Ad Weight decreased in detections, the IAB Ad Request Count saw an increase of 40% comparing Q2 to Q1. This detection verifies that ads meet the IAB maximum recommendation of no more than 10 requests.
Insight: AdSecure’s IAB detection is a great tool for ad networks and publishers to use to identify advertisers who need to be educated about industry standards. By identifying specific campaigns, the ad network or publisher then contacts the advertiser and asks them to re-submit the campaign with the correct weight, size, compression, etc. Campaigns that are aligned to the IAB standards lead to higher levels of user engagement and overall conversion, which means that providing compliant ad creatives plays a key role in maximizing revenues. Also, website performance can be impacted negatively if industry standards are not met, creating a bad user experience, affecting publisher eCPMs and possible Google rankings.
AdSecure’s two new detections introduced in Q2 to further stop malicious ad campaigns
In Q2, AdSecure introduced the new Heavy Ads and Ad Crypto detections to allow further detection of malicious ad campaigns. As these are recent releases, data is still being collected. However, we wanted to highlight how effective both of these new detections are.
Heavy Ads: Heavy Ads identifies ads that violate Google's rules set out in its Heavy Ad Intervention from Chrome 84, causing Heavy Ads to get blocked in the Chrome browser. To be classed as a heavy ad, the creatives need to:
- Consume more than 4MB of network bandwidth
- Use CPU for 15 seconds or more within a 30 second window
- Use CPU for 60 seconds or more in total.
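The three thresholds above, applied to a byte count and per-second CPU samples for one ad frame, as an added example that is not AdSecure's or Chrome's code. It flags a creative when any one threshold is met, which is how Chrome's intervention applies them; the sample format, the constructed samples and the binary-megabyte reading of 4MB are assumptions.

```javascript
// Added example: limits taken from the three criteria listed above.
const LIMITS = {
  networkBytes: 4 * 1024 * 1024, // "more than 4MB" (binary megabytes assumed)
  windowSeconds: 30,             // sliding window length
  windowCpuMs: 15000,            // 15 s of CPU inside any 30 s window
  totalCpuMs: 60000,             // 60 s of CPU in total
};

// cpuMsPerSecond[i] = CPU time in ms the ad frame used during second i.
// Returns the largest CPU sum found in any run of `windowSeconds` seconds.
function peakWindowCpuMs(cpuMsPerSecond, windowSeconds) {
  let sum = 0;
  let peak = 0;
  for (let i = 0; i < cpuMsPerSecond.length; i++) {
    sum += cpuMsPerSecond[i];
    if (i >= windowSeconds) sum -= cpuMsPerSecond[i - windowSeconds];
    if (sum > peak) peak = sum;
  }
  return peak;
}

function classifyHeavyAd(sample) {
  const totalCpuMs = sample.cpuMsPerSecond.reduce((a, b) => a + b, 0);
  const peak = peakWindowCpuMs(sample.cpuMsPerSecond, LIMITS.windowSeconds);
  const reasons = [];
  if (sample.networkBytes > LIMITS.networkBytes) reasons.push("network");
  if (peak >= LIMITS.windowCpuMs) reasons.push("peak-cpu");
  if (totalCpuMs >= LIMITS.totalCpuMs) reasons.push("total-cpu");
  return { heavy: reasons.length > 0, reasons, peakWindowCpuMs: peak, totalCpuMs };
}

// Constructed samples (not real scan data).
const SAMPLES = {
  // Light banner: 300 KB, 50 ms of CPU per second for 20 s.
  banner: { networkBytes: 300 * 1024, cpuMsPerSecond: Array(20).fill(50) },
  // Burst: idle, then 16 s at 950 ms/s; trips only the 30 s window rule.
  burst: { networkBytes: 500 * 1024,
    cpuMsPerSecond: [...Array(40).fill(0), ...Array(16).fill(950), ...Array(40).fill(0)] },
  // Slow burner: 400 ms/s for 160 s; 12 s per window at most, 64 s in total.
  slow: { networkBytes: 1024 * 1024, cpuMsPerSecond: Array(160).fill(400) },
  // Large video creative: 6 MB transferred, little CPU.
  video: { networkBytes: 6 * 1024 * 1024, cpuMsPerSecond: Array(30).fill(100) },
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(classifyHeavyAd(sample)));
}
```

The `slow` sample shows why the total-CPU rule exists: a creative that stays under the window limit can still be flagged once its cumulative CPU time reaches 60 seconds.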
Here is an example of the Heavy Detection in action:
Ad Crypto detection: On June 28th AdSecure introduced a new detection called Ad Crypto, which is a violation based on keyword detection. AdSecure identifies crypto-related keywords on ad creatives or landing pages that contain misleading or non-compliant cryptocurrency promotions. By July 12th AdSecure detected 134,356 instances of this violation, an average of 8,957 daily violations.
Here is an example of the Ad Crypto detection in action:
How AdSecure detects violations
Malvertising is a continual battle for ad networks, ad serving platforms and publishers in order to detect malicious ad campaigns. Malvertisers use many different tactics and tools to launch their attacks, which you can read about in our in-depth blog post about different Malvertising techniques here. Luckily help is at hand with AdSecure's ad verification system, which is built around a custom-made crawler capable of simulating a wide array of devices and locations. It allows clients to automatically scan ad tags and site pages for all kinds of malvertising and non-compliant issues in real-time. Unlike older solutions, AdSecure's crawler is powered by Chrome, and built on the same modern browser technology that powers today’s online world. This technology interacts with digital ads as an end user would to ascertain exactly what the end user will be exposed to throughout the entire flow of the ad campaign.
As a comprehensive, modern and 360 degree ad quality solution, AdSecure provides easy pre-flight campaign verification, post flight ad campaign scans while they are running, ad performance monitoring through our IAB Standards compliance widget, and monitoring of the visual content of ads using our Ads Classification modules.