News - Confiant

The Q4 2019 Malvertising Outlook: You ain’t seen nothin’ yet

Written by Louis-David Mangin, CEO and Cofounder | Dec 23, 2019 5:00:00 AM

Over the last ten years, malvertising has emerged as a key attack vector for cybercriminals trying to grab an ever-larger slice of the programmatic digital market, which is expected to spend over $80 Billion in the U.S alone by 2021. We saw some major attacks at the tail end of 2018 – The Dandelion Group and the massive eGobbler redirect campaign, for instance – and all indicators point to things being even worse for the tail end of this year.

Our first full-year Demand Quality Report shed light on the (poor) state of quality controls in programmatic and digital advertising overall, and how the lack of these controls jeopardizes user engagement (even as that engagement is emerging as a key-value metric for advertisers and publishers).

A quick look at 2019 so far

Efforts from the industry as a whole fighting the malvertising arms race is starting to show some results with notable declines in the rate of in-banner video (IBV) and in the life span of malicious attacks for the first half of 2019.

However, it’s still too early to say that we’ve won the race when 1 in every 200 programmatic impression remain dangerous or disruptive. The nature of programmatic advertising is highly dynamic and so are malvertisers and their methods of attacks. They are also persistent as we’ve seen with the multifaceted threats from groups like Zirconium, eGobbler, Dandelion and others, all of whom we’ve written extensively about on our security blog this year.

Within the last 3 months alone, we’ve tracked a staggering volume of impacted programmatic impressions from eGobbler. By our estimates, we believe over 1 billion impressions were maliciously compromised by just one of their attacks during August and September.

A look ahead at what to expect

There’s a digital arms race being waged in every security specialization, and the ad tech sector is no different. What is different is the ad tech sector’s Q4 frenzy, which creates the perfect storm for these digital criminals to execute their malicious attacks. As companies like Confiant adapt to better protect against new threats, expect malvertisers and other bad actors to keep up their own technological evolution, orient new attack vectors, while continuing to try and evade detection with new methods that they have honed throughout 2019.

Browser exploits have been the preferred methods for sophisticated attackers this year, and we predict that evasion and obfuscation will be the tactics of choice for malvertisers in the upcoming years, using techniques like steganography and leveraging protocols like WebRTC and WebSocket.

They will broaden their attack vectors and invent new attack types, too. These bad guys are fully aware of the industry efforts to properly sandbox iframes and curb forced redirects, and they’re already working on further ways around these safeguards.

That means publishers will have to take the malvertising threat much more seriously if they want to thwart attacks. As publishers take more ownership of their data and attempt to branch out into new revenue streams, they must understand the threats malvertisers pose and be willing to address them proactively.

Failure to do so can cut into a publisher’s already thin profit margins and ruin their carefully optimized sites. Even a half percent of lost profitability due to malvertising can be devastating.

So, if you thought the beginning of this year was rough – buckle up. The rest of 2019 will be a bumpy ride!