Confiant Threat Intelligence Team • 4 minute read
Confiant releases H1 2023 Malvertising and Ad Quality Index
Q1 2023 Ad Security Violation Rate Reaches Highest Level in Four Years, According to Report
Key highlights of H1 2023 Malvertising Ad Quality Index:
- Serious security or quality issues were detected in one of every 106 impressions.
- The security violation rate in Q1 2023 hit its highest level in four years.
- On average, one in every 370 impressions delivered in H1 2023 was a security risk to the user.
- While the quantity of security incidents increased for most major SSPs, their average response times greatly improved overall.
- Firefox users were the most impacted by security issues, with a rate worse than Edge, and almost two and a half times worse than Google Chrome.
- Fake Update ads were the most prevalent security issue in H1.
Confiant, the anti-malvertising leader for the ad tech industry, today published the H1 2023 industry benchmark report, Malvertising & Ad Quality Index (MAQ). This is the eighteenth report in the series. It summarizes the state of ad quality, malvertising and consent compliance in the global digital ad industry in the first half of 2023. Confiant analyzed a sample of more than 500 billion advertising impressions monitored in real time from January 1 to June 30, 2023, across tens of thousands of premium websites and apps to compile the MAQ index.
The report identifies that during Q1 2023 the ad security violation rate reached its highest point in four years, with the industry-wide ad security violation rate doubling due largely to cloaked ads. More than one in every 370 impressions throughout H1 presented a security risk to the user. Almost all major SSPs saw an increase in the number of security incidents, however their average response times greatly improved overall. The most prevalent security issue in H1 were Fake Update ads.
The ad quality violation rate also rose by 50% to a high of 0.70%. The elevated levels resulting from Heavy Ads — ads with characteristics like high network load, large number of unique hosts, or Chrome Heavy Ad Intervention. When combining quality and security, more than one in every 106 ad impressions were dangerous or highly disruptive to the end user.
Almost every country had noticeable increases in ad security issues over their 2022 levels except for Canada and Italy. Great Britain had the highest rate of security issues, 40% higher than Canada - the next highest. Italy and Japan were the safest markets in this period.
The ad quality violation rate was highest in Great Britain, the USA, and Japan. Great Britain had both the highest security and quality violation rates in H1 2023. When comparing ad violation rates by bidding framework, Google greatly outperformed Amazon TAM on quality issues.
Results by browser type identified that users of Firefox for Windows experienced the highest rate of ad security violation issues, with Windows Edge users in a close second place. And while Chrome performed well for security issues across all platforms, it performed relatively poorly for quality issues. When grouped across all operating platforms Firefox users were the most impacted by ad security issues, with Edge in second place. Safari and Chrome users were half as likely to experience ads with security issues.
The report included detailed assessments of the top 14 SSPs, where the vast majority of global impressions originate, in more than 100 SSPs and demand sources that Confiant tracks. The top performers of low security violations for the half-year were SSP-E, OpenX, and Sharethrough, each achieving a rate of less than 0.01%.
Averages can mask significant day-to-day variation in performance, so it’s important to note the upper bound of the security violation rate for each SSP to get a sense of overall risk. In H1 2023, SSP-O recorded the highest daily security rate for the quarter, at 3.11%, meaning that at least one day during H1, more than one in 33 impressions from SSP-O had security issues.
SSPs differ in their ability to respond to attacks once they are underway. So, we measure how long it takes from when a threat first appears on an SSP to when it’s last seen. Almost all major SSPs saw an increase in the number of security incidents during the measured period. In H1 2023, SSP-C and OpenX had the fastest response times, while OpenX experienced the fewest incidents. Overall, response times were dramatically lower when compared to 2022.
Confiant allows publishers to block creatives across 100+ different industry categories, including common business verticals and sensitive topics. Gambling was the most blocked ad category at 27%, followed by Alcoholic Beverages at 10%, surpassing the usual second place holder, Pharmaceutical Drugs - now in third place at 9%. Surprisingly, while these top three categories represented 66% of all blocks in 2022, they now account for less than 50% while other sensitive categories have increased their share of blocked ads.
Quality violations cover a diverse array of non-security issues that disrupt or impair the user experience. Examples include Auto Video, Heavy Ads, Misleading Claims, and Nudity. For most SSPs in H1 Heavy Ads was consistently the most common Quality issue. Display ads that auto-play video without any user interaction are also common. Misleading Claims — ads that use misleading language or imagery to garner clicks or sell products and services of dubious quality — was still the largest issue for Google.
Confiant first introduced the quarterly report, originally known as the Demand Quality Report, in September 2018, as the industry's first benchmark report. The 2023 H1 MAQ Index is the eighteenth report in the series, and is available by visiting https://www.confiant.com/maq-index
About Confiant, Inc.
Confiant is the cybersecurity leader in detecting and stopping Malvertising attacks. Having built hundreds of integrations directly into the web’s ad tech infrastructure, Confiant has unparalleled visibility to the malware, scams, and fraud serving through ads today. Leveraging our security expertise, we deliver complete control over ads to publishers and ad platforms, also remediating quality issues, privacy violations, and mis-categorized ads. In publishing the industry’s leading ad quality benchmark report and mapping the threat actors that use ads-as-an-attack-vector at Matrix.Confiant.com, Confiant is leading the charge in protecting users from criminals hijacking the ad tech supply chain. Trusted by customers like Microsoft, Paramount, and Magnite, we celebrate our 10th anniversary this year.
Follow us on Social
@Weareconfiant or visit www.confiant.com
for more information.