Insights and Trends on Ad Security and Ad Quality

Explore Confiant's Q2 2020 Demand Quality Report for the insights you need to protect your revenue and safeguard your audiences.

Ad Security and Quality _ Demand Quality Report - Confiant

Introduction

To compile the research contained in this report, Confiant analyzed a normalized sample of more than 170 billion programmatic advertising impressions from April 1 to June 30, 2020, from over 30,000 websites and apps. The data was captured by Confiant’s real-time creative verification solution, which allows us to measure ad security and quality on real impressions for real users across devices and channels.

Industry View

Confiant - DQR - Industry - Ad Security and Quality

How did the industry fare in Q2 2020?

The U.S. Security violation rate declined significantly from Q1 to Q2, driven by massive improvements at one of the largest SSPs as well as a general shift in threat activity toward Europe.

Confiant - Violation Rates by Country - Ad Security and Quality

Q2 Violation Rates by Country

European markets—Germany and Italy in particular—saw far higher rates of Security issues than the U.S.

In fact, some of the most serious threats we see, such as Fizzcore, were largely confined to Europe.

Confiant - Ad Security and Quality - Violation Rates

Violation Rates by Header Bidding Framework

Download the Full Report

 

How did the industry fare in Q2 2020?

Q2 Violation Rates by Country

Violation Rates by Header Bidding Framework

 

SSP Rankings

Confiant - SSP Violatin Rates - Ad Security and Quality

Security Violation Rate by SSP

SSP-F’s Security violation rate more than doubled from Q1 to Q2, and was over 30x that of SSP-C, the best performer in the quarter. SSP-M retained the 2nd to worst spot from Q1.

Confiant - SSP Rankings - Ad Security and Quality

Daily Maximum Malicious Rate by SSP

When under sustained attack, SSPs had days where over 1 in 10 impressions was a Security risk, putting publishers and users at considerable risk.

Confiant - Sensitive Ad Categories - Q2 2020 DQR

Most Sensitive Ad Categories

Download the Full Report

 

Security Violation Rate by SSP

Daily Maximum Malicious Rate by SSP

Most Sensitive Ad Categories

 

Major Threat Groups Active in Q2

Confiant - Q2 2020 DQR - Threat Groups - Nephos7

Nephos7

This relatively new attacker has been buying large volumes of traffic since Q4 2019 to execute forced redirects to carrier-branded scams. The primary mode of operation for Nephos7 is to churn and burn dozens of CDN subdomains, sometimes for a single push. They leverage well known CDN providers in order to avoid registering multiple domains.

This is a common tactic used by malvertisers who try to fly under the radar, but Nephos7 relies on it quite heavily.

eGobbler

eGobbler runs their campaigns in big waves that usually gravitate around the weekends. Lately, the majority of their activity has been centered around European countries, where they deliver disruptive, highly targeted carrier-branded scams.

This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns. Learn more about eGobbler.

Confiant - Q2 2020 DQR - Threat Groups - eGobbler
Confiant - Threat Groups - Fizzcore

FizzCore

FizzCore is a significant newcomer. An attacker that sits at the increasingly blurred boundary between malvertising and deceptive ads, FizzCore has perfected the art of audit circumvention to exploit the gullibility of aspiring cryptocurrency investors. Eschewing forced redirects, FizzCore uses evasion techniques to bypass ad quality reviews and drive users to cybersecurity scam sites.

Evasion techniques include cloaking (display of fake ad creatives and landing pages to ad quality scanners), reputation and relationship building in the ad ecosystem, and carefully crafted localized campaigns using celebrity endorsement clickbait. Learn more about FizzCore.

Confiant - Q2 2020 DQR - Threat Groups - Nephos7

Nephos7

This relatively new attacker has been buying large volumes of traffic since Q4 2019 to execute forced redirects to carrier-branded scams. The primary mode of operation for Nephos7 is to churn and burn dozens of CDN subdomains, sometimes for a single push. They leverage well known CDN providers in order to avoid registering multiple domains.

This is a common tactic used by malvertisers who try to fly under the radar, but Nephos7 relies on it quite heavily.

Confiant - Q2 2020 DQR - Threat Groups - eGobbler

eGobbler

eGobbler runs their campaigns in big waves that usually gravitate around the weekends. Lately, the majority of their activity has been centered around European countries, where they deliver disruptive, highly targeted carrier-branded scams.

This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns. Learn more about eGobbler.

Confiant - Threat Groups - Fizzcore

FizzCore

FizzCore is a significant newcomer. An attacker that sits at the increasingly blurred boundary between malvertising and deceptive ads, FizzCore has perfected the art of audit circumvention to exploit the gullibility of aspiring cryptocurrency investors. Eschewing forced redirects, FizzCore uses evasion techniques to bypass ad quality reviews and drive users to cybersecurity scam sites.

Evasion techniques include cloaking (display of fake ad creatives and landing pages to ad quality scanners), reputation and relationship building in the ad ecosystem, and carefully crafted localized campaigns using celebrity endorsement clickbait. Learn more about FizzCore.

Definitions

Security Violations

Attempts to compromise the user through the use of malicious ads, trickery, and other techniques. In this report, we break out malicious ads and high-risk ad platforms. The violation rate is calculated by dividing the number of impressions exhibiting a particular issue by the total impressions monitored. Except for the Q2 Rates by Country slide, all data is based on traffic generated in the U.S.

Malicious Ads

A creative that includes (often obfuscated) JavaScript that spawns a forced redirect or loads a secondary payload for malicious purposes. Most malicious ads exist to force users to interact with phishing scams, but some infect the user’s device to propagate botnets and other nefarious activities.

High-Risk Ad Platforms (HRAPs)

Ad platforms that consistently serve as major attack vectors for malicious actors. For a platform to receive this designation, we have to consistently observe malicious campaigns on an ongoing basis so that it becomes unclear whether the platform is negligent, complicit, or just overwhelmed.

Quality Violations

Non-security issues related to ad behavior, file weight, or content. In this report, we break out in-banner video ads and other quality issues.

In-Banner Video (IBV) Ads

The practice of serving video ads in banner placements without the publisher’s consent, and often without the advertiser’s consent, either. Exploiting an arbitrage opportunity between Display and Video marketplaces, a video ad unit is loaded within a banner placement instead of playing within a media player.

Other Quality Issues

Creative violations across a wide range of different quality specifications selected by the publisher. The dimensions include audio/video related violations, creatives probing for user’s geolocation, the network load of the ad, and much more.

Definitions

Attempts to compromise the user through the use of malicious ads, trickery, and other techniques. In this report, we break out malicious ads and high-risk ad platforms. The violation rate is calculated by dividing the number of impressions exhibiting a particular issue by the total impressions monitored. Except for the Q2 Rates by Country slide, all data is based on traffic generated in the U.S.

A creative that includes (often obfuscated) JavaScript that spawns a forced redirect or loads a secondary payload for malicious purposes. Most malicious ads exist to force users to interact with phishing scams, but some infect the user’s device to propagate botnets and other nefarious activities.

Ad platforms that consistently serve as major attack vectors for malicious actors. For a platform to receive this designation, we have to consistently observe malicious campaigns on an ongoing basis so that it becomes unclear whether the platform is negligent, complicit, or just overwhelmed.

Non-security issues related to ad behavior, file weight, or content. In this report, we break out in-banner video ads and other quality issues.

The practice of serving video ads in banner placements without the publisher’s consent, and often without the advertiser’s consent, either. Exploiting an arbitrage opportunity between Display and Video marketplaces, a video ad unit is loaded within a banner placement instead of playing within a media player.

Creative violations across a wide range of different quality specifications selected by the publisher. The dimensions include audio/video related violations, creatives probing for user’s geolocation, the network load of the ad, and much more.

Get Armed With the Right Ad Insights for Publishers. Download the Full Report.

Confiant’s Demand Quality Report informs publishers on current trends and insights by analyzing over 170 billion programmatic advertising impressions from over 30,000 sites and apps. For the full report, fill out the form to the right.

Understand how new threat actors are using advanced evasion tactics.

The full report details additional active threat actors, including new threats like FizzCore who use sophisticated evasion tactics and deceptive imagery.

Learn why the size of a SSP doesn't guarantee quality.

While we did not observe a correlation between SSP size and violation rate in our report, one of the largest SSPs we tracked was the worst overall performer. Download our full report for more information.

Download the full report and access the trends and insights you need to protect your revenue and safeguard your audiences. Fill out the form below:

Get Armed With the Right Ad Insights for Publishers. Download the Full Report.

Confiant’s Demand Quality Report informs publishers on current trends and insights by analyzing over 170 billion programmatic advertising impressions from over 30,000 sites and apps. For the full report, fill out the form to the right.

Download the full report and access the trends and insights you need to protect your revenue and safeguard your audiences. Fill out the form below:

Understand how new threat actors are using advanced evasion tactics.

The full report details additional active threat actors, including new threats like FizzCore who use sophisticated evasion tactics and deceptive imagery.

Learn why the size of a SSP doesn't guarantee quality.

While we did not observe a correlation between SSP size and violation rate in our report, one of the largest SSPs we tracked was the worst overall performer. Download our full report for more information.