Why Programmatic Advertising is Problematic – Malvertising

UNDERSTANDING THE THREAT MATRIX

TL;DR

  • The majority of web-based ads are placed on websites by automated programmatic “ad exchanges”.
  • Publishers, ad networks, and ad exchanges focus more on making money than on security.
  • Malicious hackers are using a variety of techniques to exploit programmatic exchanges which lack proper security and controls.
  • Businesses, hospitals, government offices, universities, and home users are being exploited via malvertising or “bad ads” to install malware and ransomware.
  • At least 1% of all ads are malicious or disruptive.¹
  • Zero-day exploits cannot be counted because only malicious hackers have discovered them, as in the eGobbler case. The number of bad ads is therefore higher than 1%.
  • A system to block ads/scripts/trackers for entire enterprise networks is now required security.
  • Next Vector Security has launched Security and Privacy Plus, a system to block programmatic ads/scripts/trackers for entire enterprise networks. The operating system and the application software are both based on Free and Open Source Software. The live update service is free for your first two servers.

Programmatic advertising is growing quickly and has changed the digital display advertising market. Approximately 80% of all digital advertising is programmatic in the U.S. and the numbers are growing fast in many other countries.
In a nutshell, programmatic advertising automates the decision-making process of where ads are placed, using artificial intelligence (AI) and real-time bidding (RTB) for online display, mobile and video campaigns.²

So, what could go wrong? Many things. And they do daily.

For a quick review, there are three pieces to this puzzle: publishers, advertising platforms/networks, and programmatic ad exchanges. Publishers are the website owners, such as Yahoo.com or Msn.com. Advertising platforms such as Rubicon Project or Google AdSense are the ad networks that link advertisers and publishers together so publishers can monetize their websites. Programmatic ad exchanges are a place where ad networks can sell their excess ad inventory to other ad networks via an automated bidding process.

Malvertisers are taking advantage of programmatic ad exchanges, the system that distributes web-based ads to millions of websites. Malicious hackers previously had to decide on a single large target, Yahoo for example, and load bad ads directly onto their site. This was an effective tactic since Yahoo servers have billions of hits a day, but criminals have found an easier way.

Now malvertisers can use various techniques to load their sandbox-breaking, JavaScript-based ads onto millions of publishers’ websites, which unwittingly serve malicious ads that can lead to viruses, malware, data theft, or ransomware for end users. These malicious ads are loaded into your browser and directly onto your work network, your school network, your municipal network, or your home network.

Why? Because a message popped up on your screen and said to turn off your ad blocker and you did. Don’t do that anymore.

It’s like accepting candy from a stranger: you just don’t do that.

It is a very one-sided, uphill battle, since the digital media industry owns the problem and is not in a hurry to disclose its security shortcomings. If you search for the term “malvertising” you will see articles from well-known websites, but many of the links will lead back to small, security-minded shops that are doing their job by providing real network security and forensic analysis.

Your digital defenses should attempt to block all ads, with particular focus on blocking ads served from programmatic ad exchanges because of the dangers outlined in this article. The recent eGobbler attack, which compromised over 1.16 BILLION ads, is a powerful example of what is happening right now and what we will likely see more of in the future.

It’s time to protect your network.
