According to our scans, comparing Q4 2023 with Q1 2024, there has been a +31.1% in online security threat detections increases worldwide! Are you a website Publisher or an Ad Network trying to run your Advertising business successfully? Then keeping your ad supply chain clean and your end users safe against Malvertsing attempts and non-compliant ads is paramount. This is why, aside from providing you with 360 real-time ad safety and protection software and security measures against online threats and ad violations, we also give you quarterly insights into worldwide Malvertising activity: to help you understand cybercriminal behavior and give you the tools to best protect your digital assets and audiences. Continue reading to find out about the most dangerous online business security threats increases detected in January to March 2024 comparing to October to December 2023:
Almost 1 in 30 scans detected 4 or more violations in a malicious ad campaign
So, let's get into 2024's online security threat detections increases: To give you an overview on the most dangerous online business security threats increases of 2024, we compared ad supply chain data from Q3 2023 to Q1 2024. And we found out that 20.1% of ads contained at least one violation in Q1 2024. See the breakdown of bad ads detected comparing Q3 2023 and Q1 2024:
As we can see, there have been some steep increases in worldwide Malvertiser activity in Q1 2024! In fact, in Q1 2024, 1 in 30 scans detected 4 or more violations in each single malicious ad campaign, which is an increase from Q4 2023 1 in 60 scans. This means that it is still extremely important to keep an alert eye on your ad supply chain and use professional security measures against online threats and ad violations in order to stop bad ads damaging your online brand reputation.
Top 10 ad violations and their categories for Q1 2024: Most dangerous online business security threats increases
As we can see below, of all the top 10 online security threat detections increases worldwide and their categories detected in Q3, 4 were in the User Experience category, 2 in the User Security category, and 4 were User Advisory detections:
Landing-page-error (User Experience) 17.04%
Ssl-non-compliant (User Security) 15.30%
Back-button-hijack (User Experience) 13.20%
Unsafe-content-adult (User Advisory) 11.90%
Suspicious-tld (User Advisory) 11.60%
Malicious-url-virustotal (User Security) 10.50%
Javascript-dialog-on-entry (User Experience) 9.80%
Threat-intelligence (User Advisory) 2.60%
Iab-ad-dimensions (User Advisory) 2.50%
Permission-notification (User Experience) 1.50%
Comparing Q1 2024 with Q4 2023 we can see some very steep increases among the top 10 ad violations and their categories. The two most dangerous online business security threats increases are unsafe-content-adult, with +108.9% increase, and iab-ad-dimensions, with a mindblowing +2733.9% increase! This steep growth on unsafe-content-adult clearly showcases a change in the direction of Malvertiser tactics towards showing non-compliant ads to promote services that are not age appropriate, potentially exposing underage or vulnerable end users to content that can be harmful for their psyche and wellbeing. On the other hand, the huge increase in iab-ad-dimensions once again remarks the need to educate Advertisers on the importance of following Industry Standards. Now that we know what the top 10 ad violations and their categories are, continue reading to find out more about online security threat detections increases worldwide and how to implement security measures against online threats and ad violations!
Q4 2023 to Q1 2024 comparison on Malvertiser behavior
Continuing on you will find out about the 7 ad quality and most dangerous online business security threats increases comparing Q1 2024 with Q4 2023:
Malicious-url-sucuri +5910%
Malicious-url-sucuri detections, potentially one of the most dangerous online business security threats increases, saw a striking rise of +5910% in Q1 2024! This is a steep increase that is worth keeping a close eye on, if you are not using a Malvertising Prevention & Ad Quality Solution to keep your website or Ad Network safe from Malicious URLs and other threats, this should be enough of a wake up call to look into it. Malicious URLs host non-compliant content including spam, phishing, drive-by exploits and more. This detection’s intention is luring unsuspecting end users into scams that could easily end up in substantial monetary loss, theft of private information, and Malware installation.
Insight: There are a few simple steps that end users can take to recognize Malicious URLs. For instance, hovering over a URL displays the domain where the end user will be taken, so if it looks strangely structured or unknown, best not to click! However, most end users click on links without thinking; according to StationX, human error contributes to 95% of successful cyber online security breaches! Which is why these kinds of attacks are constantly rising in popularity, making it key to implement robust security measures against online threats and ad violations.
Unwanted-programs-webrisk +4306.7%
Unwanted-programs, another one of the biggest online security threats of 2024, dupe end users into installing malicious programs using ads posing as legitimate software with the end goal of selling end user data and showing them intrusive advertising. This threat inserts itself in browser add-ons and infiltrates in bundles that contain legitimate software installs. The end users unintentionally install them, which results in their data being harvested by third parties in order to target them for illegitimate and intrusive advertising. The whole strategy is designed to effortlessly increase the Malvertiser’s gains, being one of the most dangerous Ad Security threats detected in 2024.
Insight: Once installed, Unwanted Programs can be updated automatically, unbeknownst to the end user. Meaning that they can be abused in supply chain attacks. In other words, they can spread through the end user’s system or network, affecting anybody else who uses the WIFI or network that has been compromised.
Auto-download +318.54%
Malicious Software Downloads, often referred to as Auto-Downloads, encompass a variety of digital threats designed to infiltrate end users’ computer, mobile device, or network with harmful intent. Again this detection displays one of the most dangerous online business security threats increases of 2024 Q1. Malware can take various forms, including Viruses, Trojans, Spyware, Adware, Ransomware, Phishing, and more. It is a very sneaky violation which clearly displays how important it is to implement security measures against online threats and ad violations. These programs are typically disguised as legitimate software, tempting unsuspecting users to download and install them, similarly to Malicious APK Files.
Malvertising insight: This violation could be especially dangerous for Android users, since the Android operating system uses APK (Android Package Kit) files to install legitimate applications, but these can be manipulated by Malvertisers to distribute malicious software! These attacks can be disguised as popular apps, games, or utilities, tempting users to install them. Once installed, these files can gain unauthorized access to sensitive data, take control of devices, or cause other harmful actions.
Auto-pop +239.53%
Displaying noticeable online security threat detections increases worldwide, Auto-pops are non-compliant ads that Malvertisers insert into the ad supply chain of an Ad Network and that automatically trigger pops (both Pop-ups and Tabunders) without user interaction. These are different from normal Pop-up ads; because their content just triggers automatically, they can be very annoying to the end users and could also be dangerous depending on the content contained by the ad. Google penalizes websites for showing this non-compliant ad format, so it could very easily end up in a Publisher website being blocked by Google, heavily impacting their revenues and traffic growth.
Malvertising insight: Some Auto-pop ads contain Malware and malicious software such as Spyware and drive-by attacks. Because Auto-pops trigger without any interaction required, this can be disastrous for the end user, who won’t even need to press a deceitful CTA in order to get their device infected!
Phishing-url-webrisk +162.52%
Yet another one of the most dangerous online business security threats increases, Phishing attacks are User Security violations which tricks website audiences into revealing personal or sensitive information (for example, passwords, phone numbers, or credit cards). There are several ways to spread Phishing attacks, including mail and malicious URLs. The content of a Phishing site mimics the look and feel, like a trusted entity, like a browser, operating system, bank, or government. This AdSecure detection is based on Phishing URL violations from Google WebRisk and it can be very dangerous do the end user, making security measures against online threats and ad violations such as AdSecure necessary to keep a safe online environment.
Insight: According to Helpdesksecurity, in 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by Phishing scams. Also, Millennials are the top targets for Phishing attacks, receiving 37.5% of Phishing emails!
Permission-geolocation +130.43%
A permission request notification is sent to the end user to access their device’s geolocation, clipboard, etc. These are different from the regular permission notifications when the end user gives location access for an app. Rather, these are unsolicited requests that pop up seemingly out of nowhere without end user interaction, which can be very alarming and dangerous: if the end users mistakenly accepts the request, it could end up with Malvertisers accessing their personal data, being able to track their live location! Which makes them one of the biggest online security threats of 2024.
Insight: Although we would be talking about a not so likely worst case scenario, if a hacker or Malvertiser gets to find your end users’ exact location, this could even lead to major crimes such as robbery or even stalking! The more usual scenario though would be for a Malvertiser to use end users location for illegitimate advertising purposes, sending them unrequested ads that are bothersome and can contain more threats.
Unsafe-content-adult +108.90%
Yet another one of the most dangerous online business security threats increases. AdSecure scans image creatives for unsafe content. In this case, AdSecure scans detected Adult elements such as nudity, pornographic images or cartoons, or sexual activities. This type of content may not be desirable for a Publisher’s website and can be very damaging to their Brand, and even though a Malvertiser may have used a non-adult related creative when the campaign was first approved, bad actors can change the creative after the approval process to show unsafe content.
Insight: According to Aura, nearly 75% of teens worldwide have been exposed to pornography online at least once, a few of them accidentally. We are talking about content that may be damaging for younger audiences’ minds, potentially impairing their development as they grow into adulthood and causing social problems. So it is paramount to monitor and erase this online threat.
IAB Standards violations Q1 2024: IAB standard ad sizes and quality violation increases
IAB Standards terms and conditions for online advertising are designed to stop bad ads damaging your online brand reputation, whether you are a Publisher or an Ad Network. Displaying the most dangerous online business security threats increases of 2024, it is paramount to keep an eye on this category. As we can see below there have also been significant increases in IAB detections in Q1 2024. Although our Ad Network and Publisher clients have been using AdSecure’s software to monitor this detection and to educate their Advertisers, the labor is far from done. This could be due to Advertisers changing creatives and assets regularly and forgetting to optimize them properly after every change, or due to new Advertisers joining the Advertising business. So, it is still extremely important for Ad Networks and Publishers to continue with their task of making their Advertisers aware of the importance of following Industry Standards. Because not complying with them can negatively impact website performance, impair user experience, reduce important metrics such as ad clicks and eCPMs, and ultimately negatively affect ad revenues. Also, it is important to remember that Google can penalize or block websites that fail to meet IAB standards terms and conditions for online advertising!
Iab-ad-dimensions increase by +2733.9%, making it possibly the most dangerous online business security threat increase of the entire quarter! It is important to bear this IAB standard ad sizes and quality detection in mind, since it flags ads that are not compliant with the IAB Standards in terms of ad dimensions. The IAB recommends ad dimensions to be in the range of 100x200 - 150x300 so that it can be shown its best across devices and browsers. So, not abiding by this specific standard means that websites will show badly displayed ads that will most likely not convert, and will give a bad image to the website where they are being displayed, as well as to the advertiser promoting the ad campaign!
Iab-ad-compression +435.07%; yet enother detection to display steep online security threat detections increases worldwide, this detection flags ads that are not delivered in a compressed format. To optimize the file size for delivery of an ad to a browser, the assets within the ad should be delivered in compressed formats such as gzip.
Iab-ad-weight +331.94% detects ads that are too heavy and are not compliant in terms of weight (initial load and sub-load). This detection will flag ads that are not compliant with the IAB standards in terms of ad weight (initial load and sub-load). IAB recommends an ad size with an initial load of maximum 50KB and a sub-load of maximum 100KB.
Iab-ad-request-count +179.76% flags ads that are not compliant with the IAB standards in terms of ad request count - The IAB recommends a maximum of 10 requests, which is an important metric to take into account when it comes to IAB standards terms and conditions for internet advertising. Ads consist of multiple resources and the number of requests made to fetch them has a significant impact on the load performance of the ad as well as on the page where it will be displayed.
Conclusions: Most dangerous online business security threats increases of 2024
Our goal at AdSecure is to help you protect your ad supply chain and end users against malicious or non-compliant advertising, as well as the most dangerous online business security threats increases. And as you can see judging by the steep increases in Malvertising activity and IAB standard ad sizes and quality reflected on the data above, now more than ever it is important to continue monitoring ad campaigns to erase online threats and protect your end users against the biggest online security threats of 2024. Want to start protecting your online business with our 360 degree monitoring and protection for your ad supply chain against bad ads? Are you looking for great security measures against online threats and ad violations? Sign up and try AdSecure for free now!