Ad threats -- not to be confused with ad fraud that defrauds marketers into paying for fraudulent ad views -- will become the tool for hackers in 2020. The threat moves from lost marketing and advertising dollars from fraud, to brand safety, reputation and trust as advertisements act as decoys to deliver exploits from hackers, according to a recent report.
Advertisers working with publishers that do not monitor networks and their partners’ third-party code for these types of attacks can find themselves in the middle of a major data breach, said Maggie Louie, Devcon CEO, who described a similar instance with British Airways.
“Brands can be compromised when their advertisements are used to distribute Trojans,” she said. “The brand’s advertisement is used to hide exploits.”
The Devcon 2019 Holiday Threat Report provides insights into what advertisers can expect to see in 2020, such as third-party JavaScript risks that connect with Magecart attacks, which targets ecommerce checkout pages to steal customer payment data.
The report also notes that advertisers and publishers will continue to see fake accounts on ad networks that use tags to deliver exploits onto sites, and JavaScript code that infects assets such as image files, fonts and ads.
Advertising threat attacks continue to exploit JavaScript used across the internet, despite declining year-over-year in 2019, according to the new report from cybersecurity company Devcon.
Between Thanksgiving and Cyber Monday, the rate of digital ads containing lower-risk malvertising fell to .07% in 2019 compared with 1.25% in 2018, but a rise in highly sophisticated attacks exposed in the report means that publishers and advertisers must become more vigilant against security threats that steal private data and credit card information from consumers.
The report found that more than 60% of malicious ad threats during the 2019 holiday shopping period came from sophisticated attacks such as Led Zelpdesk, Lucky Star, Avid Diva, and Invisible Ink.
These attacks use a combination of social engineering and exploited JavaScript found in browsers to steal a user’s credit card information, have them download a Trojan, or both.
“We will start to see much bigger attacks, including a crossover data breach,” Louie says, adding that small attacks related to ad revenue are declining, but the larger attacks related to cyber security are on the rise.
The publishing industry needs to monitor its networks to ensure they do not run spoofed and exploit infested ads that could create a data breach, Louie says.
Until recent, Louie says, advertising threats have not been seem by companies as an IT security threat -- but that is changing.