AdSecure, the innovative cybersecurity company that delivers ad security and ad quality solutions for ad platforms, publishers and app developers, today released its AdSecurity Violations Report for 2019.
AdSecure’s online security solution uses a crawler built around modern browser technology, that then analyses ad creatives and landing pages to detect malicious threats, non-compliance and ad quality issues in real-time throughout the advertising flow.
For this report AdSecure analysed more than 1 million ad campaigns across multiple regions, devices, and browsers for our partners between 1st January to 31st December 2019. These findings provide insights into cyber-criminal behaviour throughout the year: Where they were most prolific, how they delivered their attacks, their malicious weapons of choice, and what AdSecure’s detections revealed in order to stop and protect end users from malicious ads.
27.06% of scans detected some form of Malvertising
AdSecure looked at the ratio of all violation detections (severe security and user experience violations). Globally, there was an average of 2,706 violation detections every 10,000 scans, that’s 27.06%, which shows just how prolific bad actors were and continue to be across publisher and ad network platforms.
In the top 5 GEOs for violations detected by AdSecure, Argentina had the highest percentage of Scareware detections at 67.4%.
AdSecure looked at the top 5 GEOs with the highest percentage of violations: USA, South Africa, France, Argentina and Tunisia:
Browser lockers were responsible for 21% of total violations in our Top 5 GEOs with France having the highest proportion at 43.5%, almost double the USA & South Africa
Scareware was by far the biggest at 52% of our Top 5 GEOs with Argentina having the highest percentage of Scareware at 67.4%.
Malware was at 13.34%, with Tunisia being the country suffering the most attacks at 26.7% and South Africa at 16.6%. Adware represented 10.5% of all attacks with Tunisia also topping our top 5 GEO list at 16.3% .
Phishing URL consisted of 3.12% with France at 4.2%, France and USA around the 3.5% mark.
Countries with smaller online populations are exposed to more violations.
Of AdSecure’s top 10 GEOs for violations detected, AdSecure looked at the percentage of each country’s online population versus the percentage of violations. In the image below you can see that even though Israel has a 0.4% of the top 10 online population it received 7.6% of violation attacks, compared to say the USA with 14% of the top 10 population which received 21% of violation attacks.
Browser detections: devices and Google versus Safari
Now looking globally, AdSecure examined the detections on what browsers bad actors used to target their threats to end users.
On mobile Google leads with 72.3% of violations targeted at Chrome users and on desktop just under a third at 29.9%, but it is Safari on desktop that is the main target for cyber criminals at 33.2%.
The key takeaways
- Malvertising is a global challenge for publishers and their demand partners. While Tier 1 GEOs will always be a fruitful market for cyber criminals to launch attacks, they also routinely target developing markets that are experiencing growth. While the same malicious ad may be running on opposite sides of the globe, it may only be active in one particular location at a given moment in time. Dedicated and routine monitoring for worldwide campaigns is key to detecting every threat, wherever they may be hiding.
- Auto-downloads & Auto-redirects are often the first step in the delivery of more severe attacks, such as malware or phishing threats, and as such should be taken seriously when in play. At the very least they are the cause of a poor user experience when visiting sites or using mobile apps. At worst the user becomes a victim of something far worse, and will likely never return to the site they blame for causing them harm.
- Dedication to frequently monitoring content is the best way for ad operations and compliance teams to ensure threats can be quickly detected and eliminated before they can harm users or damage revenue streams. The impact users have on the digital ads ecosystem is instrumental to its ongoing success. Platform and publisher sites have a duty of care to ensure that each user can engage with content safely, and always have an amazing experience when they do.
You can read AdSecure’s 2019 Ad Security Violations Report here.