• All Articles

Malvertising Trends in April to June 2023 and Cybercriminal Activity: AdSecure Violation Report

By Anna

July 28, 2023

image

Wondering how to protect your online business against cyber criminals and IAB Standards violations? For this edition of the AdSecure violations report Q2 2023, we analyzed over 30 million scans of client ad campaign flows in order to monitor and protect your ad tech supply chain against user experience violations, IAB detections and other violations, and to bring you this report on cybercriminal trends April to June 2023, containing insights on IAB Standards violations April to June 2023 and User experience detections in Q2 2023 and more. Our goal is to give you useful insights into cybercriminal malvertising behavior. If you use AdSecure you will be prepared and ready to stop any form of malicious advertising in its tracks before it can damage your business and be exposed to end users. So, let’s have a look at malvertising trends in April to June 2023, and how this compares to Q1:

Almost 1 in 20 scans detected 4 or more violations in a malicious ad campaign

Analyzing cybercriminal activity in Q2 2023 for the for the AdSecure violations report Q2 2023 we found out that 20.7% of all ads analyzed contained at least one violation, whether they are IAB Standards violations in April to June 2023, User Experience detections in Q2 2023, or any violation falling within the diverse categories. Here’s the breakdown of violations detected on website publishers and ad networks that are AdSecure clients, comparing Q1 to Q2 2023:

Malvertising Trends in April to June 2023 and Cybercriminal Activity: AdSecure Violation Report

Although there were decreases in 2 and 3 violations hidden in ad campaigns in Q2, almost 2 in 20 scans revealed cybercriminals had hidden 4 or more violations in ad campaigns. That's an increase of 55.1% in cybercriminal activity in quarter 2 2023!

Cybercriminal trends in April to June 2023 and cybercriminal Activity in quarter 2 2023: Top 10 violations

Looking at the top 10 violations detected in Q2, 2 were in the User Security category, 3 in the User Advisory category, 4 in the User Experience detections in q2 2023, and 1 is an IAB Standards violation April to June 2023:

Ssl-non-compliant (User Security) 22.1%
Threat-intelligence (User Advisory) 16.6%
Landing-page-error (User Experience) 13.5%
Unsafe-content-adult (User Advisory) 13%
Suspicious-tld (User Advisory) 11.2%
Back-button-hijack (User Experience) 8.1%
Javascript-dialog-on-entry (User Experience) 4.9%
Permission-notification (User Experience) 3%
Malicious-url-virustotal (User Security) 2.7%
Iab-ad-dimensions (IAB Standards) 0.9%

Insight: Analyzing cybercriminal activity in quarter 2 2023 for the for the AdSecure violations report Q2 2023 we found out that, for the first time an IAB Standards detection has made it into the quarterly top 10. More and more AdSecure clients are starting to use our IAB Standards tool in order to align all of their ads with the IAB Standards and Google. This could explain why we have seen an increase in violations detected within this category. Aligning with the IAB standards is crucial in order to offer a great user experience and increase engagement and conversions, which of course will maximize ad revenue. Website performance can be heavily impacted if industry standards are not met, and also Google can penalize and block websites that do not abide by certain weight and quality standards. So it is crucial to take this into consideration when thinking about how to detect user security violations in a malicious ad campaign or other violations, how to protect your online business against cyber criminals and IAB Standards violations, and how to monitor and protect your ad tech supply chain against user experience violations and other detections.

Q1 to Q2 comparison on cybercriminal trends April to June 2023

Continuing on this analysis of cybercriminal activity in quarter 2 2023 for the AdSecure violations report Q2 2023, we show you the violations that showed significant detection increases and cybercriminal trends April to June 2023 compared to Q1 2023.

+140.7% phishing-url-webrisk

In the first place we have Phishing URLs, which can be particularly dangerous for end users and their financial and even personal wellbeing! Generally, after clicking on the malicious ad, the end user is sent to a malicious site which pretends to look and feel like a trusted entity, and aims to trick end users into revealing personal or sensitive information such as passwords, bank details, email addresses and phone numbers.

Malvertising insight: Phishing URLs feed off the end user’s hope to win big prizes, huge amounts of money, or on the other end of the spectrum, the fear that they or their possessions might be exposed to cybercriminal activity. Imagine, as a publisher, that this threat has been found on your website, stirring extreme emotions such as fear, anxiety and disappointment in your end users. This association with negative emotions is also extremely dangerous for your online brand’s wellbeing!

+106% permission-camera

In second place we have Permission Camera, which is a detection that sends a pop-up message to the end user and asks them to access their device’s camera. This could be dangerous because if the end user accepts the permission request the malvertiser could use their phone as their own eyes, seeing where the end user is and their identity through the camera lens! They could also even take control over the camera and take pictures of sensitive information and use it for malicious purposes.

Malvertising insight: The high growth on permission-camera attacks could be related to the fact that more and more modern phones have face recognition capabilities, giving the owner of the device access to apps and physical places. It is important to steer clear from this violation, since it could grant cybercriminals access to banking or health apps and other software containing sensitive information, heavily impairing the end user’s welfare and privacy.

+82.5% pop-up

In third place in Q1 we see Pop ups. Some ad networks serve Pop ups as ad formats, however many publisher sites prefer not to show them, or show a limited number of these ads, because Google penalizes websites for showing this ad format, and it is considered annoying to the end user. So this threat could very easily end up in a publisher website being blocked by Google, heavily impacting their revenues and traffic growth.

Malvertising insight: Some malvertisers inject auto-pop ads into the ad supply chain, which are non-compliant ads that automatically trigger pops (both pop-ups and tabunders) without user interaction. This is very annoying to the end users since it impacts their user journey, and it could also be dangerous depending on the content contained by the pop.

+50% scareware

In fourth place we have Scareware, which is one of the most frightening ad security violations. Scareware ads claim that an end user has a virus and is in need of antivirus software. However ironically the downloaded software actually contains a virus that could harm their devices, cause costly repairs or, even worse, lead to identity theft. Scammers often use the names of well-known companies that specialize in computer software to gain your trust. The pop-up advertisements aim to mimic genuine warning alerts generated by computer security software.

Malvertising insight: If scareware wasn’t bad enough in itself, some hackers use scareware in order to spread ransomware! Which is a type of malware that holds devices or files hostage and demands a ransom, convincing the end user to download fake antivirus software in order to recover their device or files that have been taken as hostages!

+31.9% auto-download

In fifth place we have Auto Downloads, which refer to the automatic download of files without the end user's consent or knowledge. These can hide within malicious landings, compromised websites, or deceptive pop ads. These Auto Downloads can infect the end user’s device with malware, adware, spyware, ransomware, or other malicious payloads, compromising their security and privacy.

Malvertising insight: According to the various recent statistics that we pulled out for the AdSecure violations report Q2 2023, Android has more vulnerabilities than iOs. These vulnerabilities can also be easier to exploit! For instance, malicious APK (Android Package Kit) files. While APK files are essential for installing legitimate applications, they can also be manipulated by cybercriminals to distribute malicious software. Malicious APK files can be disguised as popular apps, games, or utilities, tempting end users to install them. Once installed, these files can gain unauthorized access to sensitive data, take control of devices, or cause other harmful actions. This is an important violation to take into account when thinking how to protect your online business against cyber criminals, especially considering the rise on IAB Standards violations April to June 2023.

40% detections in the top 10 ranking were User Experience violations in Q2 2023

Continuing on with cybercriminal trends April to June 2023, lets look into User Experience Violations in Q2 2023, which disrupt the end user’s browsing experience with annoying or malicious activity and content within advertiser campaigns. Here are the top 5 inside the category:

Malvertising Trends in April to June 2023 and Cybercriminal Activity: AdSecure Violation Report

43.1% were landing-page-error. The first violations within the User Experience detections in q2 2023 is Landing Page Error. This detection shows an alert to the end user claiming that a broken link (404 Error, 5xx, timeouts, etc.) has been found. These broken links can make the end user feel unsafe and discourage them from clicking more ads or even abandon the website altogether, which can impact the site’s reputation. Additionally, this results in advertisers paying for campaign impressions, but because of the broken flow from ad to landing page, their offers will not convert!

25.8% were back-button-hijack. A hidden script allows bad actors to access and manipulate the end user's device browser history. Usually it consists of inserting one or several pages in the browser history, which would prevent the end user from going back to the previous page he was coming from. This makes them feel unsafe, also damaging the reputation of the website where this detection has been found.

15.7% were javascript-dialog-on-entry. This detection highlights Javascript alerts that pop up without any interaction when entering a website or when the end user wants to close the active tab. Javascript dialogue boxes can be very alarming to the end user. They often appear as warning messages or confirmation dialogues asking for the end user's consent on specific options, impacting their user journey throughout a publisher site.

9.7% were permission-notification. This violation requests permission to send notifications to the end user to access their device’s camera, microphone, geolocation, clipboard, etc. Permission requests are fairly common, when an end user downloads an app, or gives location access, etc. However, they are unsolicited and possibly alarming for an end user that has just clicked on an ad. Besides, cybercriminals use them in the hope that the end user clicks to accept and then the bad actors can access personal files and data from the end user's device, for instance tracking their location for non compliant targeting purposes.

2.8% were auto-redirect. This detection uses a script that causes a publisher site to break out of any frames "framing" it, resulting in automatically redirecting the visitor to another site that has not been solicited by the end user and generally contains non compliant content. Some cybercriminals use auto-redirects for phishing scams to trick internet users and make them hand over their usernames, passwords or personal information.

IAB Standards violations April to June 2023

Continuing on with this cybercriminal activity in quarter 2 2023 analysis, we want to point out that not only is it the first time an IAB detection makes it into the quarterly top 10 of detections found, but also IAB Standards violations April to June 2023 have increased 7% from Q1 to Q2. More and more ad networks and publishers strive to make their advertisers aware of the IAB Standards so that they ensure that their ads are aligned with them. AdSecure makes it easier with the IAB Standards detection tool, which scans ads to verify that they are fully compliant with industry standards and Google, So think about using this tool if you are thinking about how to protect your online business against cyber criminals and IAB Standards violations April to June 2023. There are 4 different detections measuring ad quality and this is how they ranked within the category on Q2 2023:

Malvertising Trends in April to June 2023 and Cybercriminal Activity: AdSecure Violation Report

37.1% detections within the category were Iab-ad-dimensions: The first violation within the IAB Standards violations April to June 2023 is IAB Ad Dimensions. The IAB recommends that the ad dimension should be in the range of 100x200 - 150x300 to ensure that the ad can be shown its best across devices and browsers. This detection will flag ads that are not compliant with the IAB standards in terms of ad dimension.

29.5% were Iab-ad-compression: To optimize the file size for delivery of an ad to a browser, the assets within the ad should be delivered in compressed formats such as gzip. This detection will flag ads that are not compliant with the IAB standards within this category, which means they are not delivered in a compressed format.

23.7% detections were Iab-ad-weight: Ad weight is the total size of all the ad assets being delivered to the browser at a given phase. This detection will flag ads that are not compliant with the IAB standards in terms of ad weight (initial load and sub-load). IAB recommends an ad size with an initial load of maximum 50KB and a sub-load of maximum 100KB.

9.7% were Iab-ad-request-count: Ads consist of multiple resources and the number of requests made to fetch them has a significant impact on the load performance of the ad as well as on the page where it will be displayed. This detection will flag ads that are not compliant with the IAB standards in terms of ad request count. IAB recommends a maximum of 10 requests.

Aligning with the IAB standards is important, because it leads to a better user experience and journey, increasing engagement and ad campaign conversion, maximizing revenue. For publishers, website performance can be heavily impacted if industry standards are not met. It creates a bad user experience and end users are less likely to click on the ad, affecting publisher eCPMs. Additionally, Google can penalize or even block websites that do not abide by certain weight and quality standards. Read more about the importance of ad quality here.

Malvertisers attacked China and the US

Similar to what we observed in our Q1 Violations Report, in the AdSecure Violations Report Q2 2023 we found that a quarter of Scareware cases worldwide were from the USA. Meanwhile, in China we detected the highest number of Auto Download violations worldwide, also similar to what was reported in China in Q1.

Now, let’s compare both GEOs in Q2. The most recurring attacks in both are Ssl non compliant, Threat intelligence, Landing page error and Suspicious tld:

Ssl-non-compliant amassed 20.5% of all detections in the US and 24.5% in China.

Threat-intelligence was 18.9% of all detections in the US and 18.8% in China.

Landing-page-error was way more popular in China than in the US, with 25.9% in China, and 10.7% in the US.

Suspicious-tld was also more popular in China (25.9% violations) than in the US, where it accounted for 10.7% of all violations.

Within the quarter, one of the main Malvertising trends in April to June 2023 is that China had 6 times higher Auto Downloads violations compared to the US and in the US Back Button Hijack had 103 times higher violations than China. More to come in our future USA versus China violations blog post for Cybercriminal trends April to June 2023!

Cybercriminal activity in quarter 2 2023: Conclusions

We hope that this malvertising trendsin April to June 2023 and cybercriminal activity in quarter 2 2023 analysis has been useful for you. Wondering how to detect user security violations in a malicious ad campaign or how to protect your online business against cyber criminals and IAB Standards violations? Whether you are a website publisher or an ad network, AdSecure will become your best ally to monitor and protect your ad tech supply chain against user experience violations and other detections, flagging any ads that could cause issues for you and your brand. Why not get in touch with us and test out AdSecure to protect your online business from cybercriminal activity now?

Share this article on