Improve your user experience, user trust, & prevent revenue disruption by knowing what's happening within the programmatic ecosystem with our Demand Quality Report.
The global Security violation rate declined significantly from Q2 to Q3, driven by continued improvements at a number of larget SSPs. Conversely, the Quality violation rate increased by more than a third.
The rate of Security issues in the U.S. exceeded that of all European countries except Spain. Quality issues also tended to be more prevalent in the U.S.
How did the industry fare in Q3 2020?
Q3 Violation Rates by Country
Violation Rates by Header Bidding Framework
SSP-F was the worst performer by a significant margin, with a security violation rate over 50x the best-performing SSP. SSPs K, H, and L also struggled with security issues. All other SSPs performed at the level of the overall industry or better.
When under sustained attack, even the best performing SSPs had days where 1 in 25 impressions was a security violation, putting publishers and users at considerable risk.
Security Violation Rate by SSP
Daily Maximum Malicious Rate by SSP
Quality Violation Rate by SSP
This relatively new attacker has been buying large volumes of traffic since Q4 2019 to execute forced redirects to carrier-branded scams. The primary mode of operation for Nephos7 is to churn and burn dozens of CDN subdomains, sometimes for a single push. They leverage well known CDN providers in order to avoid registering multiple domains.
This is a common tactic used by malvertisers who try to fly under the radar, but Nephos7 relies on it quite heavily.
We believe there to be a close relationship between Nephos7 and eGobbler based on a certain shared tactics, techniques, and timing.
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. Lately, the majority of their activity has been centered around European countries, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns. Learn more about eGobbler.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at time we have observed up them to ramp up to large volumes over the course of several hours.
This relatively new attacker has been buying large volumes of traffic since Q4 2019 to execute forced redirects to carrier-branded scams. The primary mode of operation for Nephos7 is to churn and burn dozens of CDN subdomains, sometimes for a single push. They leverage well known CDN providers in order to avoid registering multiple domains.
This is a common tactic used by malvertisers who try to fly under the radar, but Nephos7 relies on it quite heavily.
We believe there to be a close relationship between Nephos7 and eGobbler based on a certain shared tactics, techniques, and timing.
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. Lately, the majority of their activity has been centered around European countries, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns. Learn more about eGobbler.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at time we have observed up them to ramp up to large volumes over the course of several hours.
