Improve your user experience, user trust, & prevent revenue disruption by knowing what's happening within the programmatic ecosystem with our Demand Quality Report.
The Security violation rate for 2020 was 0.14%. The rate fell significantly from Q2 to Q3, then remained flat at just under 0.10% for the remainder of the year. This improvement was largely driven by better quality control at two of the largest SSPs. Conversely, the Quality violation rate increased from 0.25% in Q3 to 0.38% in Q4, an increase of over 50%. The Quality violation rate for the full year was 0.24%.
Continuing a trend from past years, European markets in 2020 tended to have higher rates of Security violations than the U.S. or Canada. However, the gap between the U.S. and Europe closed over the year, with the U.S. Securite rate finally exceeding all major European markets by Q4.
How did the industry fare in 2020?
2020 Violation Rates by Country
2020 Violation Rates by Header Bidding Framework
SSP-L had the highest Security violation rate in Q4, with a security violation rate 346x higher than the best performing SSP. For the year, SSPs K and I had the worst overall violation rate, but ended strongly in Q4 with both ranking in the top four. SSPs C, G, B, J, and Google consistently excelled at fending off threat actors, while SSP-F struggled in both Q4 and 2020.
When under sustained attack, even good performing SSPs had days where 1 in 25 impressions was a security violation, putting publishers and users at considerable risk.
Q4 and 2020 Security Violation Rate by SSP
Q4 Daily Maximum Malicious Rate by SSP
Quality Violation Rate by SSP
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. The majority of their recent activity has been centered primarily around the United States and Europe, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns.
We believe there to be a close relationship between Nephos7 and eGobbler based on certain shared tactics, techniques, and timing.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at times we have observed up them to ramp up to large volumes over the course of several hours.
In February of 2021, Confiant was awarded CVE-2021-1765 for reporting an exploit leveraged by Yosec in order to bypass built-in security mitigations in Safari.
DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
They use a combination. of server-side targeting combined with a. compartmentalized client-side payload in order to deliver the malicious ad in stages.
The Confiant Security Team recently published a detailed analysis of DCCBoost's end-of-year attack on our blog.
In Q3, Confiant witnessed an explosion of new threat actors leveraging Fizzcore-style attacks, as well as a growing sophistication in text and image manipulation. Q4 saw a relative normalization.
While Germany and the UK continue to be prime targets, interest in other geographies spiked and faded, as seen in Australia (very active until October). Eastern Europe is becoming a strong focus of interest since November (e.g. Poland, Hungary, Romania).
Additioanlly, some attackers have gained persistence by aiming at ad platforms (tier-2, native) that do not police against investment scams and provide demand to large SSPs.
eGobbler runs their campaigns in big waves that usually gravitate around the weekends. The majority of their recent activity has been centered primarily around the United States and Europe, where they deliver disruptive, highly targeted carrier-branded scams.
This is a sophisticated attacker that has been observed to exploit sandbox bypasses in both Chrome and Webkit in order to maximize the impact of their campaigns.
We believe there to be a close relationship between Nephos7 and eGobbler based on certain shared tactics, techniques, and timing.
Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirection.
The bulk of their activity targets Mac devices, particularly the Safari browser.
Yosec malvertising activities are categories by short, targeted bursts, but at times we have observed up them to ramp up to large volumes over the course of several hours.
In February of 2021, Confiant was awarded CVE-2021-1765 for reporting an exploit leveraged by Yosec in order to bypass built-in security mitigations in Safari.
DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
They use a combination. of server-side targeting combined with a. compartmentalized client-side payload in order to deliver the malicious ad in stages.
The Confiant Security Team recently published a detailed analysis of DCCBoost's end-of-year attack on our blog.
In Q3, Confiant witnessed an explosion of new threat actors leveraging Fizzcore-style attacks, as well as a growing sophistication in text and image manipulation. Q4 saw a relative normalization.
While Germany and the UK continue to be prime targets, interest in other geographies spiked and faded, as seen in Australia (very active until October). Eastern Europe is becoming a strong focus of interest since November (e.g. Poland, Hungary, Romania).
Additioanlly, some attackers have gained persistence by aiming at ad platforms (tier-2, native) that do not police against investment scams and provide demand to large SSPs.
