Improve your user experience, user trust, & prevent revenue disruption by knowing what's happening within the programmatic ecosystem with our Demand Quality Report.
To compile the research contained in this report, Confiant analyzed a normalized sample of more than 650 billion advertising impressions monitored from January 1 to December 31, 2020, from over 40,000 websites and apps. The data was captured by Confiant’s real-time creative verification solution, which allows us to measure ad security and quality on live impressions (not sandbox scans) across devices and channels.
The Security violation rate for 2020 was 0.14%. The rate fell significantly from Q2 to Q3, then remained flat at just under 0.10% for the remainder of the year. This improvement was largely driven by better quality control at two of the largest SSPs. Conversely, the Quality violation rate increased from 0.25% in Q3 to 0.38% in Q4, an increase of over 50%. The Quality violation rate for the full year was 0.24%.
Continuing a trend from past years, European markets in 2020 tended to have higher rates of Security violations than the U.S. or Canada. However, the gap between the U.S. and Europe closed over the year, with the U.S. Securite rate finally exceeding all major European markets by Q4.
How did the industry fare in 2020?
2020 Violation Rates by Country
2020 Violation Rates by Header Bidding Framework
SSP-L had the highest Security violation rate in Q4, with a security violation rate 346x higher than the best performing SSP. For the year, SSPs K and I had the worst overall violation rate, but ended strongly in Q4 with both ranking in the top four. SSPs C, G, B, J, and Google consistently excelled at fending off threat actors, while SSP-F struggled in both Q4 and 2020.
When under sustained attack, even good performing SSPs had days where 1 in 25 impressions was a security violation, putting publishers and users at considerable risk.
Q4 and 2020 Security Violation Rate by SSP
Q4 Daily Maximum Malicious Rate by SSP
Quality Violation Rate by SSP
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. The majority of their recent activity has been centered primarily around the United States and Europe, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns.
We believe there to be a close relationship between Nephos7 and eGobbler based on certain shared tactics, techniques, and timing.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at times we have observed up them to ramp up to large volumes over the course of several hours.
In February of 2021, Confiant was awarded CVE-2021-1765 for reporting an exploit leveraged by Yosec in order to bypass built-in security mitigations in Safari.
DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
They use a combination. of server-side targeting combined with a. compartmentalized client-side payload in order to deliver the malicious ad in stages.
The Confiant Security Team recently published a detailed analysis of DCCBoost's end-of-year attack on our blog.
In Q3, Confiant witnessed an explosion of new threat actors leveraging Fizzcore-style attacks, as well as a growing sophistication in text and image manipulation. Q4 saw a relative normalization.
While Germany and the UK continue to be prime targets, interest in other geographies spiked and faded, as seen in Australia (very active until October). Eastern Europe is becoming a strong focus of interest since November (e.g. Poland, Hungary, Romania).
Additioanlly, some attackers have gained persistence by aiming at ad platforms (tier-2, native) that do not police against investment scams and provide demand to large SSPs.
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. The majority of their recent activity has been centered primarily around the United States and Europe, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns.
We believe there to be a close relationship between Nephos7 and eGobbler based on certain shared tactics, techniques, and timing.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at times we have observed up them to ramp up to large volumes over the course of several hours.
In February of 2021, Confiant was awarded CVE-2021-1765 for reporting an exploit leveraged by Yosec in order to bypass built-in security mitigations in Safari.
DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
They use a combination. of server-side targeting combined with a. compartmentalized client-side payload in order to deliver the malicious ad in stages.
The Confiant Security Team recently published a detailed analysis of DCCBoost's end-of-year attack on our blog.
In Q3, Confiant witnessed an explosion of new threat actors leveraging Fizzcore-style attacks, as well as a growing sophistication in text and image manipulation. Q4 saw a relative normalization.
While Germany and the UK continue to be prime targets, interest in other geographies spiked and faded, as seen in Australia (very active until October). Eastern Europe is becoming a strong focus of interest since November (e.g. Poland, Hungary, Romania).
Additioanlly, some attackers have gained persistence by aiming at ad platforms (tier-2, native) that do not police against investment scams and provide demand to large SSPs.
Attempts to compromise the user through the use of malicious ads, trickery, and other techniques. Top issues include:
A creative that includes (often obfuscated) JavaScript that spawns a forced redirect or loads a secondary payload for malicious purposes. Most malicious ads exist to force users to interact with phishing scams, but some infect the user’s device to propagate botnets and other nefarious activities.
Ad platforms that consistently serve as major attack vectors for malicious actors. For a platform to receive this designation, we have to consistently observe malicious campaigns on an ongoing basis so that it becomes unclear whether the platform is negligent, complicit, or just overwhelmed.
Non-security issues related to ad behavior, technical characteristics, or content. Top issues include:
The practice of serving video ads in banner placements without the publisher’s consent, and often without the advertiser’s consent, either. Exploiting an arbitrage opportunity between Display and Video marketplaces, a video ad unit is loaded within a banner placement instead of playing within a media player.
Creative violations across a wide range of different quality specifications selected by the publisher. The dimensions include audio/video related violations, creatives probing for user’s geolocation, the network load of the ad, and much more.
Attempts to compromise the user through the use of malicious ads, trickery, and other techniques. Top issues include:
A creative that includes (often obfuscated) JavaScript that spawns a forced redirect or loads a secondary payload for malicious purposes. Most malicious ads exist to force users to interact with phishing scams, but some infect the user’s device to propagate botnets and other nefarious activities.
Ad platforms that consistently serve as major attack vectors for malicious actors. For a platform to receive this designation, we have to consistently observe malicious campaigns on an ongoing basis so that it becomes unclear whether the platform is negligent, complicit, or just overwhelmed.
Non-security issues related to ad behavior, technical characteristics, or content. Top issues include:
The practice of serving video ads in banner placements without the publisher’s consent, and often without the advertiser’s consent, either. Exploiting an arbitrage opportunity between Display and Video marketplaces, a video ad unit is loaded within a banner placement instead of playing within a media player.
Creative violations across a wide range of different quality specifications selected by the publisher. The dimensions include audio/video related violations, creatives probing for user’s geolocation, the network load of the ad, and much more.
Confiant’s Demand Quality Report provides an inside look into the frequency and severity of ad quality issues in digital advertising. Discover what were the top concerns for premium publishers, how SSPs performed in 2020, and what tactics were employed by malvertisers.
The full report details active threat actors, their techniques, & their impact on the digital ecosystem over the last quarter.
Confiant tracked impressions from over 100 SSPs. However, 75% of global impressions originated from just 12 providers commonly used by publishers. Explore which SSPs are performing the best and worst when it comes to ad quality quarter over quarter.
Download the full report and access the trends and insights you need to protect your revenue and safeguard your audiences.
Confiant’s Demand Quality Report provides an inside look into the frequency and severity of ad quality issues in digital advertising. Discover what were the top concerns for premium publishers, how SSPs performed in 2020, and what tactics were employed by malvertisers.
Download the full report and access the trends and insights you need to protect your revenue and safeguard your audiences.
The full report details active threat actors, their techniques, & their impact on the digital ecosystem over the last quarter.
Confiant tracked impressions from over 100 SSPs. However, 75% of global impressions originated from just 12 providers commonly used by publishers. Explore which SSPs are performing the best and worst when it comes to ad quality quarter over quarter.