For this report, AdSecure analyzed over 100 million ad campaigns between January 1 and June 30, 2021.
These results provide insight into the behavior of cybercriminals in the first and second quarters: where they were most prolific, how they carried out their attacks, their malicious weapons of choice, and what AdSecure’s detections revealed in order to ” stop and protect end users from malicious ads.
1 in 4 analyzes revealed 1 violation and 1 in 20 analyzes revealed more than 3 violations detected.
24.39% of scans detected 1 violation
10.12% of analyzes detected 2 violations
7.56% of scans detected 3 violations
4.85% of scans detected more than 3 violations
Overview: “Malvertisers often try to inject multiple violations into a single ad campaign to attempt to squeeze through the detection net, like the actual ad creative, landing page, URL, redirect path / chain,” the code hidden in the iframes. Detecting and identifying violations requires a robust detection solution. Many ad protection solutions claim that real-time blocking is good enough for ad networks and publishers, but it’s not. In order to detect malicious ads, ad networks and publishers should analyze before the campaign is launched, while the campaign is in progress, in case malicious actors modify any elements of the campaign after its approval, and as a final check. , real-time blocking. AdSecure offers this three-step detection solution as standard. “
Marketing Technology News: Why Your Business Should Start Accepting Crypto Payments
“39.5% of scans detected user experience violations. “
These violations directly affect the end user with annoying or malicious activity within ad campaigns. AdSecure saw a slight increase in detections of 4.1% of UX violations when comparing Q1 and Q2.
The top 4 user experience breaches used by cybercriminals in Q1 and Q2 as a percentage were:
Looking deeper, comparing Q1 to Q2, our detections revealed that bad actors dramatically increased their business using these three breaches, with cybercriminals multiplying in particular on:
Automatic downloads + 956%
Back button hijacking + 69%
Automatic redirects + 67%
Overview: “Every user experience violation is considered non-compliant by Google. If violated repeatedly, it can affect a publisher’s Google rankings and lead to the risk of being blocked by the world’s largest browser, Chrome. For ad networks, allowing these breaches to reach end users will affect relationships with all affected publishers on their ad network.
“22.5% of scans detected user security breaches. “
The top 4 user security breaches detected by cybercriminals in Q1 and Q2 as a percentage were:
Overview: “Overall, the lion’s share of detections went to Malicious url at 67.4%. Malicious URLs are very popular with malvertisers because they can lead users to bogus or fraudulent websites where they then trick them into downloading malware or stealing their personal information, login credentials or even user data. company, which can have serious consequences for the safety of users.
The second highest was SSL non-compliant at 29.4%. When an insecure ad is served using http, instead of https, there will be a Chrome warning prompt on the user’s browser, where the end user can stop serving the. ad or Chrome can even block the entire page, because Google reports domains without SSL as dangerous. In order to ensure that the ads work as expected and that all data transmitted between the web server and the user is private and complete, publishers and ad exchanges must ensure that not only their ad server, but also the ad itself and all of its elements must be using a secure SSL connection. At 29.4%, it shows that noncompliant SSL is still a big deal in the online advertising industry. Additionally, if an ad is flagged as unsafe for an end user browsing a publisher site, it erodes the end user’s trust in the website being viewed.
Driving cryptocurrency mining at 2% of detections, this occurs when cybercriminals use the CPU power of an end user’s device to secretly mine cryptocurrencies without the owner’s consent or knowledge because they clicked on an ad or a malicious ad link. Cybercriminals use a Browser Locker script that they inject into advertisements. When an end user clicks on the ad, it disables any action taken by an end user to close the browser, essentially locking the user’s device. Any attempt to close the browser results in a warning message requiring ransomware to unlock the device. AdSecure found that 1.2% of detections were using the browser lock script. Ransomware can significantly damage an end user’s relationship with a publisher site that caused this user security breach.
We took a look at the top 6 GEOs targeted by cybercriminals with user security breaches: US, UK, Germany, Spain, India, and Brazil. Overall, these 6 GEOs received the following percentage of user security breach detections:
82.1% of all phishing URL detections
74% of all Scareware detections
68.6% of all Ransomware detections
50.4% of all Drive-by crypto-mining detections
45.3% of all malicious URLs
35.7% of all non-SSL compliant detections
25.7% of all malware detections
Additionally, the United States topped the list for phishing URL detections with 52%, Brazil topped the Scareware list with 30.8% of detections and the United Kingdom topped the list for Drive-by cryptocurrency mining with 21.4% of all detections.
Marketing Technology News: How the pandemic is accelerating the mobile forms revolution
16.1% of scans detected unsafe adult content.
AdSecure identifies ad creatives that feature images or videos of Adult Only / Not For Work (NSFW) content. Adult content may contain such material as photos / cartoons showing nudity or sexual activity. AdSecure found that 16.1% of crawls detected adult content in ad creatives. Currently, several countries, including the UK, Australia, Germany, France and Ireland, are developing age restriction laws for online content so that those under the age of 18 are not exposed. adult content online. It is therefore imperative that publisher sites open to all age groups block ad creatives that feature adult content.
Overview: “Publisher sites could break the law in some GEOs, for example 3.4% of adult content detections were detected in strictly Muslim countries in the Middle East, including Algeria, Saudi Arabia, the United Arab Emirates, Egypt, Tunisia.
1 in 50 detections found ad creatives that did not meet IAB industry standards.
AdSecure has an IAB standards detection tool that scans ads to verify that they remain compliant with industry standard IAB recommendations. In the latest AdSecure breach report, non-alignment with IAB standards accounted for 2.4% of all scans performed in Q1 and Q2 2021. Of those 2.4% scans , the following graph shows the percentage of detections linked to each IAB standard:
Overview: “Advertising campaigns aligned with the IAB standards lead to higher levels of user engagement and overall conversion, which means these standards play a key role in maximizing revenue from each campaign.
Website performance can be severely affected if industry advertising standards are not met. This creates a bad user experience and end users are less likely to click on the ad, which affects the publisher’s eCPMs
Additionally, now that Google has added web content performance to its SEO rankings, monitoring poor performing ad content can help publishers ensure they avoid SEO penalties in the future. Creative ad weight is also important, as fast-loading ‘lightweight’ ads create a better end-user experience and keep publishers compliant with Google’s Chrome web browser, which unloads ads that use excessive amounts. bandwidth and CPU of a user’s device. Unloaded ads display the following message in the publisher ad area where the ad should be:
This can also happen with HTML / Iframe campaigns where creatives do not adhere to IAB standards.
AdSecure’s IAB Standards Detection Tool can help publishers and ad networks identify unaligned campaigns to stop campaigns before they cause problems for publishers. industry standards and help them maximize their campaign income.
Marketing Technology News: What is the “new state of the art for Martech”?