DEVCON defines ad threat as the weaponization of ad tech to distribute malware, trojans and other malicious attacks to consumers, in addition to defrauding marketers and publishers. Ad threat is not to be confused with the more common term “ad fraud,” which refers to schemes designed to defraud marketers into paying for fraudulent ad views.
“The spray and pray tactic of malvertising campaigns will simply never go away. Even as the overall occurrences drop, these guys just keep coming back,” said Mishunda ‘Mai’ Mathis, Senior Director of Risk and Revenue at DEVCON. “While it is easy to write them off as low-level and common attacks, these aggravating takeovers can cause publishers to lose their all-too-valuable readers and subscribers. The industry has finally accepted that the problem will not resolve itself and that defensive measures are needed at all levels of the pipeline.”
- Abuse of a service provider’s code: in the case of ad threat, bad actors are creating fake accounts with ad networks and using that company’s ad tags to deliver exploits onto sites without ever needing to compromise the target company’s servers.
- Partner exploitation: in the case of Magecart attacks that are specifically looking to steal information from checkout and login pages, an attacker will look for third-party partners on those pages and find one that is more easily compromised. That code is then used to gain access and collect user data as users are entering it.
“While these less advanced hackers are being shut out of the ad threat game, the more advanced bad actors are not only becoming more stealthy in obfuscating these attacks, they have escalated the types of exploits, broadened the attack surface, and they are not limiting these attacks to the ad tag scripts,” said Maggie Louie, CEO of DEVCON. “The actual risk is data breach, which can lead to massive fines in the new regulatory environment. Ad threat is a security gap that should not be managed by marketing teams any more than phishing attacks should be managed by the email marketing teams. These security threats need to be managed and monitored by security teams.”