Looking back on 2020: Review on Malvertising activity and Ad Quality

By David Lim

05 January 2021


This gif summed up 2020 fairly well. 

summing up 2020

Source: Giphy

Although most of us are glad that the dumpster fire of 2020 is behind us, we here at Confiant feel it’s important to reflect on the ad ecosystem’s progress over the past year (no matter how crazy it was). 

Before we dive into our year-in-review, we wanted to thank all of our customers and loyal fans for being an integral part in helping improve the digital ad ecosystem and keeping users safe. 

Without further ado, let’s start with how the industry fared against malvertising in 2020. 

The State of Malvertising in 2020

We kicked off the year with malicious impressions slightly increasing from Q4 2019 but overall, we’ve seen it significantly decline year over year. Although 2020 was difficult in many ways, we’ve continued to see the rate of security issues decrease every quarter (as you can see from our quarterly reports).

Confiant Demand Quality Report - Q2  Confiant Demand Quality Report - Q3

Source: Confiant Demand Quality Reports

While this is great news, this only provides the quarterly average and can mask day-to-day performance. For malvertising, most of the damage is done with quick yet effective campaigns and at the end of May, we came across one of the biggest attacks we have seen in all of 2020 (and the last 12 months). 

Biggest Malvertising attack of 2020

With an overall impact of over 900MM compromised programmatic impressions, the attack was felt far and wide with the highest concentrations in Germany, Italy, France, Spain, and other European countries. 

Next up, we’ll talk about the types of tactics bad actors implemented in these large scale attacks.

Malvertising tactics in 2020

As our Sr. Security Engineer Eliya Stein put it in one of his most popular research pieces of the year on the status of drive-by downloads

“It’s 2020 and we can still force downloads that are not user-initiated, without any prompts from cross-origin iframes in half of the major browsers out there, why?”

It's interesting that even with all the advancements we’ve made with internet and browser security, drive-by-downloads and forced redirects are still a big problem. To make matters worse, back in January, we uncovered a new technique that utilized fake celebrity endorsements to phish users into bitcoin scams, which has since then, become the latest trend in malvertising. This new scam tactic increased 136% in just the first half of 2020.

Criminal Scams up 136 percent

Source: Confiant Demand Quality Report - Q2 2020

In Q3 alone, this new criminal scam technique represented 16% of total security issues in Q3 with peak levels as high as 65%.

Criminal Scams in Q3Source: Confiant Demand Quality Report - Q3 2020

 

Watch our CTO Jerome break down this new phase of malvertising tactic 

The best and worst SSPs of 2020

Another area we like to review is on supply-side platforms and their performance. When reviewing SSPs in years past we examine how SSPs have been handling security issues and improving on their ad quality over the course of the year. Are they getting better or worse? Most of us would think that Google AdX would reign supreme and above the rest when it comes to this but even Google had difficult quarters (although it should be noted, that they always made it to the Top 5 when it comes to least security and quality violations). 

SSP Performanmce - Q1SSP Performance - Q2

SSP performance - Q3

Overall, it seems SSPs have improved over the last 3 quarters when you take a look at the average, but the gaps between the best and worst are still pretty wide. Last quarter, the worst-performing SSP had security violation rates over 50x that of the best performing. Not only that,  the same SSP was the worst performer 2 quarters in a row (if you’re curious to know the identities of the SSPs, feel free to reach out). Aside from that, there aren’t any clear winners for best performing SSP as they alternate quarter by quarter but you can clearly tell which SSPs make it a priority (SSP-C, SSP-J, SSP-G, SSP-B, and Google).

When it comes to Ad Quality, unfortunately, it seems like video arbitrage, heavy ads, and pop-ups will continue to be a nuisance for the upcoming year as we’ve seen these issues increase by more than a third in Q3. Overall, SSPs performed worse quarter by quarter with Ad Quality.

Ad Quality issues by SSP - Q1Ad Quality Issues by SSP - Q2

Ad Quality Issues by SSP - Q3

While Google has been sensitive around poor ad experiences, diligently clearing up low-quality ads and ranking 2nd place every quarter, other SSPs have been inconsistent with SSP-H being consistent in ranking last place every quarter.

More stats for your consideration

Before we wrap up, here is a snapshot of some snapshots from Q3 2020 as we get ready to provide you with our Q4 report soon. 

  • Threat actors are combining evasion tactics in ever more sophisticated ways, with cloaking, image manipulation, and the use of homoglyphs rising to the fore in Q3.
  • Travel sites were more than 2x as likely as the average site to be hit with a security issue 
  • When under sustained attack, SSPs had days where 1 in 25 impressions was a security violation 

A lot to take in. If you're curious to learn more, you can download our full report here. If you need any of the Confiant team, you can reach out at support@confiant.com

Cheers,

The Confiant Team