Why malvertising is still a threat inside digital walled gardens

By John Murphy, chief strategy officer, Confiant

In this article, we delve into the historical significance of physical walled gardens and their modern digital counterparts in advertising. Exploring the reasons behind threat actors targeting walled gardens with malvertising, we highlight the challenges these closed ecosystems face in addressing security concerns despite their controlled environments.

What is a walled garden in digital advertising?

Physical, brick-and-mortar, walled gardens were created for various reasons throughout history. They provided security and defense against external threats, offered privacy and exclusivity for relaxation and enjoyment, facilitated controlled environments for horticultural and agricultural activities, symbolized power and status, showcased aesthetic beauty, and served as spaces for scientific and experimental purposes. These enclosed gardens represented a range of motivations, including protection, cultivation, social representation, aesthetic appeal, and scientific exploration. Whether as fortifications, private retreats, or showcases of human mastery over nature, physical walled gardens played significant roles in different cultures and time periods.

In digital advertising, the concept of walled gardens has gained prominence again. Here “walled gardens” refers to ad environments where the owner exercises end-to-end control, and advertisers must use the walled garden’s platform in order to access their ad inventory. Walled gardens typically offer proprietary ad units and ad inventory that aren’t available anywhere else. Contrast that to open programmatic — which is based on open protocols like Open Real Time Bidding and standard Interactive Advertising Bureau formats — that allows an advertiser to choose their own demand side platform and path to inventory.

We all recognize some of the largest walled gardens in adtech: Google, Meta/Facebook, and Amazon. But there are many others that exist, and even more are being created every day. These closed environments offer a sense of security by controlling the entire ad buying experience. However, despite their apparent protection, walled gardens still face the very persistent threat of malvertising. Let’s explore some of the reasons behind why walled gardens are targeted by threat actors and why malvertising remains a concern within these enclosed ecosystems.

Why do threat actors target walled gardens with malvertising?

The answer is addressed in an old quote often attributed to the infamous bank robber Willie Sutton. When Sutton was asked why he robs banks, the news at the time reported that he answered, “Because that’s where the money is”. Similarly, despite the protective measures implemented within walled gardens, threat actors continue to target these platforms with malvertising because that’s where the money is. Several factors contribute to why threat actors are drawn to walled gardens:

Large membership base: Walled gardens boast substantial user populations (Google Search 4.3 billion, Facebook 3 billion, and Amazon over 300 million per month), making them attractive targets for threat actors seeking a broad reach for their malicious campaigns. By infiltrating these platforms, threat actors can potentially bring their scams or malware to millions of users, increasing their chances of success.

Specific membership profiles: Walled gardens often attract specific user demographics or interest groups that align well with the profile targets and objectives of threat actors. Whether it's an exclusive social media platform or a specialized professional network, these ecosystems often gather users with shared characteristics and like interests, or lookalike audiences, making them prime targets for tailored malvertising campaigns along with targeted advertising.

Sophisticated targeting: Because most walled gardens require users to login, they typically know quite a bit about their users including: name, mobile phone number, email address, and postal address. This enables sophisticated targeting, which can be used by threat actors to reach people or groups who might be more susceptible to their attacks.

Programmatic advertising: Walled gardens rely heavily on programmatic advertising to serve the vast number of ads displayed within their platforms. Programmatic advertising allows for automated and real-time ad placements at almost unimaginable scales. eMarketer estimated that in 2021 programmatic accounted for 88% of all digital advertising, which equated to $81bn in display advertising. But the high levels of automation required can also create vulnerabilities for threat actors to exploit. The sheer scale of the ads served makes it nearly impossible for manual identification and removal of the majority of malvertising by walled garden technical staff.

What’s next for walled gardens?

While walled gardens offer a somewhat controlled and secure environment for advertisers and users, the persistent threat of malvertising reminds us that no ecosystem is immune from malicious activities. The large membership bases, targeting features, and programmatic advertising practices within these walled gardens make them enticing targets for threat actors seeking to distribute malware or conduct fraudulent activities. To address this threat, it is crucial for walled gardens to remain vigilant, invest in robust security measures, and collaborate with industry partners to ensure a safer digital advertising ecosystem for all.