John Murphy

 •  2 minute read

The State of Malvertising in Q3 2019

Programmatic advertising continued its inexorable rise in 2019, but security and ad quality remain major concerns

Confiant gained unique insight into the scale of bad ads in programmatic with the launch of our real-time creative verification solution 3 years ago. For the first time, real impressions could be monitored at scale across a large and diverse publisher base. We recently published our 6th quarterly Demand Quality Report based on this data, analyzing a normalized sample of over 120 billion monitored impressions in Q3 2019. The purpose of this report is to provide the industry with precise data on the frequency and severity of ad quality issues over time, breaking down specific insights into Malicious Ads, In-Banner Video, and more.

Demand Quality Report

How’s the industry doing in Q3?

Q3 2019 showed continued improvement in the rate of malicious impressions as you can see from the diagram below. The rate of malicious impressions fell from 0.25% in Q2 2019 to 0.15% in Q3 2019.

Demand Quality Report

We believe there are many reasons behind the recent decrease in malicious impressions, including greater industry-wide awareness of malvertising, initiatives like TAG’s Certified Against Malware program, and better overall collaboration between SSPs, DSPs, and publishers to resolve issues. These security improvements are a great start, but the ecosystem remains highly fragmented and beset by misaligned business interests, which allow dangerous creatives to still fall through the cracks. Malvertisers still delivered an incredible 4 billion problematic impressions a month.

Watch the State of Malvertising On-Demand Webinar

Highly dynamic nature of attacks

Attacks are extremely unpredictable. They can happen at any moment and at any point in the supply chain. SSPs and publishers have no heads-up and often can’t identify the signal from the noise until it’s too late. While we did note a decline in malicious impressions in Q3, malvertisers’ desire to reach users remains unabated. The number of unique attacks hasn’t actually subsided -- they are just being addressed more quickly. And the overall rate of malicious impressions doesn’t adequately convey the impact of major attacks that still occur through each quarter. Threat actors like to attack in waves as we’ve seen in the past with groups like “eGobbler, launching a massive attack in April that exploited Chrome and WebKit Bugs, infecting over 1 billion ads.

These peak attacks can cause massive damage. Our data shows that SSPs are likely to be hit with at least one major attack every quarter. The chart below shows how SSP-E and SSP-B saw peak levels come in at 45x their overall average in Q3 alone.

Malicious ad rates of top SSPs

It may seem like these peak attacks are random but malvertisers are strategic with how they execute. As trends have shown in Q3, 2018 and prior quarters, attack rates spike during the weekend and around holidays. Malvertisers take advantage of reduced staff levels during these times.

Weekday and Holiday rates of Malicious attacks

We found that an impression served on Sunday is 54% more likely to deliver a Malicious payload than one served during the weekday and 141% more dangerous during the holidays.

Malvertisers in 2019 and beyond

Malvertisers are still active and out there. They will continue to develop new attack methods and evasion techniques. While it’s great to have seen a decline in malicious impressions over 2019, the bad actors behind them have not given up but we’ll be ready.