How malvertising affects the entire organization and what businesses can do to stop it
By Louis-David “LD” Mangin, CEO and co-founder, Confiant
Globally, one in every 500 online ads exhibited security issues, as reported in the Confiant 2022 H1 MAQ Index, the highest security violation rate since early 2020. That means that nearly every business in the free world is affected by malicious advertising (malvertising) through the online advertising ecosystem. From the outside, it’s not always clear how that affects every part of the organization. Here, we look at malvertising as an attack vector and how it affects organizations.
What is malvertising and how does it drive user attacks?
Malvertising is a common attack vector used by cybercriminals to hijack your brand and victimize your customers. It is the cybercriminal practice of injecting malicious or malware-laden digital advertisements into legitimate online advertising networks and web pages. But how does malvertising work in practice? Cybercriminals (threat actors) place malvertising through programmatic bidding, but also via direct placements and native ads, that exploit security weaknesses in the digital ad networks.
It’s easy for threat actors to distribute malicious ads to millions of unsuspecting users on a daily basis through the digital ad networks. Ad fraud compromises the quality of web traffic: it uses fake users and bots that imitate real human web traffic to steal revenue from the ad ecosystem, and it mainly impacts advertisers and publishers. Malvertising, by contrast, compromises the safety and quality of digital ads to spread malware or phishing campaigns to end users. It primarily targets users with tactics like:
- Forced redirects
- Clickbait leading to scams
- Hijacked brands
- Malicious adware
- Fake anti-virus or software updates
- Malicious native ads
- Disinformation scams
- Malicious browser extensions
Of course, attacks on users also impact publishers and advertisers by damaging their reputation, earning them poor user ratings, user mistrust, and reductions in viewing audience.
Malvertising’s effects on the organization
Let’s face it, by definition and design, malvertising is criminal activity. It manipulates legitimate advertising and advertising platforms for malicious purposes that are aimed at your brand, your customers, and your user audience. Those purposes can include planting malware on computers or phones, illegally capturing personal information, stealing money, or scamming individuals for money. All will leave your users, customers, or investors with negative impressions of your organization, and some will leave your organization at risk of fines and other liabilities.
IT, security, and fraud control
Threat actors use malvertising every day, on an hourly basis, as a major attack vector because it is often overlooked by corporate IT, security, and fraud control staff and by network threat detection products. Threat actors know that they can often steal away corporate revenue and even breach your organization’s cyber defenses through malvertising. Presently, the leading malvertising attacks affecting corporate security are:
- Drive-by malware - most prevalent on malicious ad networks and search advertising
- Tech support scams - most prevalent on malicious ad networks and premium publications (both display and native ads)
AdOps and ad revenues
Malvertising, in its many varied forms, interferes with the regular work and goals of most AdOps and Ad Revenue teams, which are focused on building safe, trusted user experiences and, with the impending loss of third-party cookies, subscription-based user audiences. Publications that don’t control or block malvertising allow it to disrupt users’ experience and risk losing user subscriptions and advertiser revenues; it causes distrust of the site, threatens brand reputation, and detracts from the purpose of the site. For most organizations with an AdOps team or technical staff with ad tech responsibilities, controlling and reducing malvertising runs up expenses and wastes time. Instead of focusing on the organization’s goals, revenue generation, and improving user experiences, that technical staff is forced to play defense for most of their working hours, which hurts their efficiency.
Brands / clients
Brands can lose advertisers and users, and sustain financial losses, through the effects of malvertising. Threat actors use malvertising to piggyback on and steal a brand’s equity and popularity by hijacking brand names, misusing celebrity photos, emulating logo designs or brand styles, copying familiar names (like SquidCoin or $SQUID, based on, but not affiliated with, the Netflix show The Squid Game), or running social engineering scams on social media and walled garden sites by posing as another user or as a well-known personality.
Corporate C-suite (CEO, CFO, CISO, CTO)
Corporate reputation and customer engagement are two important factors for most organizations. Malvertising is another digital vector that can breach your corporate infrastructure. It can leave you with financial consequences due to information breach and related reparation costs, may expose your infrastructure to ransomware attacks, can damage your corporate reputation, and can lead to customer loss when it targets your clients. Financial institutions can be held responsible for scammed customer losses, and tech platforms may be too in the future. If left unmanaged, malvertising leaves customers and investors with seriously negative impressions of your organization’s brand. Proactive malvertising prevention is a strategy similar to firewalling your IT resources or spam filtering your email servers. It provides a layer of protection and mitigates the risk of malfeasance by bad actors.
Legal and compliance
Every day, threat actors conduct criminal activities facilitated by malvertising on your website, or by hijacking your brand in fake ads for their own purposes. Usually, those purposes include stealing the user's personal information, money, or both. They may infringe on your brand, your trademarks, and your copyrights, or may leave your organization with privacy compliance violations and potential financial obligations to repay victims for their losses.
Threat actors’ actions may also draw organizations into lawsuits from brands because of infringement of their trademarks or copyrights, or into regulatory penalties from the illegal use of personal information. Recently, UK government authorities have been creating laws that hold banking organizations liable for users’ scammed financial losses, and they are also considering holding ad tech platforms liable for paid ads that run scams on their platforms, in updates to the Online Safety Bill.
How to stop malvertising
Organizations can proactively identify potential malvertising and block it with advanced technology tools like Confiant’s solutions. Our 140 custom integrations into the ad industry’s technology supply chain give us a proprietary data set to analyze for threats. Confiant has identified and cataloged more than 70 malvertising techniques and a wide array of current ad threat actors in our Malvertising Attack Matrix.
Our security team is constantly profiling threat actors' techniques and the tactics they use to exploit and scam users via digital ads, and integrating those into our actionable threat intelligence solutions to automatically detect and block malvertising for our customers.
Interested in more threat intelligence support for your enterprise? Learn more at www.confiant.com