UNDERSTANDING THE THREAT MATRIX
Programmatic advertising is growing quickly and has changed the digital display advertising market. Approximately 80% of all digital advertising is programmatic in the U.S. and the numbers are growing fast in many other countries.
In a nutshell, programmatic advertising automates the decision-making process of where ads are placed, using artificial intelligence (AI) and real-time bidding (RTB) for online display, mobile and video campaigns. ²
So, what could go wrong? Many things. And they do daily.
For a quick review, there are three pieces to this puzzle. Publishers, advertising platforms/networks, and programmatic ad exchanges. Publishers are the website owners such as Yahoo.com or Msn.com. Advertising platforms such as Rubicon Project or Google AdSense are the ad networks who link advertisers and publishers together so publishers can monetize their websites. Programmatic ad exchanges are a place where ad networks can sell, via an automated bidding process, their excess ad inventory to other ad networks.
Malvertisers are taking advantage of programmatic ad exchanges, the system that distributes webbased ads to millions of websites. Malicious hackers previously had to decide on a single large target, Yahoo for example, and load bad ads directly onto their site. This was an effective tactic since Yahoo servers have billions of hits a day, but criminals have found an easier way.
Why? Because a message popped up on your screen and said to turn off your ad blocker and you did. Don’t do that anymore.
It’s like accepting candy from a stranger, you just don’t do that .
It is a very one sided and uphill battle since the digital media industry owns the problem and are not in a hurry to disclose their industry’s security shortcomings. If you search for the term “malvertising” you will see articles from well-known websites but many of the links will lead back to small security minded shops, who are doing their job by providing real network security and forensic analysis.
Your digital defenses should attempt to block all ads, with particular focus on blocking ads served from programmatic ad exchanges because of the dangers outlined in this article. The recent eGobbler attack, which compromised over 1.16 BILLION ads, is a powerful example of what is happening right now and what we will likely see more of in the future.