Ad fraud has been around for many years, but it’s not the only risk businesses and advertising networks face. The rise of ad threats mean we must be extra conscientious when it comes to evaluating the strategies we’re using to promote businesses and brands.
What Are Ad Threats?
Cybercriminals are constantly on the lookout for new opportunities to pounce. They sniff out weaknesses in the online ecosystem and attempt to strike whenever and wherever it’s easiest to do so. This has given way to some entirely new methods of cyber attacks in recent years – including ad threats.
“Ad threats (not to be confused with ad fraud) is a form of so-called ‘malvertising’ that can involve a JavaScript programming language exploit that thrives off advertisers and publishers who do not monitor their networks or their partners’ third-party code,” cybersecurity expert Michelle Drolet writes.
According to one report, over 60 percent of ad threats during the 2019 holiday shopping period originated from advanced attacks. These attacks – which include Lucky Star, Led Zelpdesk, Invisible Ink, and Avid Diva – are a combination of JavaScript exploits and social engineering that steal credit card information and/or manipulate shoppers into downloading Trojans that can compromise sensitive personal information at a later date and time.
No two ad threats are the same, though they often use similar tactics to get similar results. The most common approaches include:
- Exploiting code vulnerabilities. If the victim company is using some sort of third-party JavaScript code that has known vulnerabilities, a savvy hacker can easily exploit these weaknesses and gain access to credit card information that can then be used to commit fraudulent purchases.
- Abusing a publisher’s code. A cybercriminal can create fraudulent accounts within an ad network and use an organization’s ad tags to actually deliver payloads to the target website without ever having to “break in” and compromise the company’s servers. This is pretty amazing (and scary)!
- Partner code exploitation. With this approach, the attacker exploits vulnerabilities in source code of a third party partner that’s connected to a target advertiser, publisher, or website. The Magecart attacks of 2019 are a textbook example of this. These attacks stole credit card info from dozens of ecommerce websites that were running outdated versions of Magento.
These are just a few examples. The trouble with ad threats – or any cyber attack – is that they can quickly evolve over time. And if you’re stuck looking for past trends, you’ll miss the new threats coming down the line.
Tips for Intentional Advertising
As a business owner, entrepreneur, or advertiser – or security professional for these organizations – the objective is to be intentional with your advertising so that you protect your business and your customers. Here are some tangible ways to do this:
1. Understand What You’re Investing In
You can’t protect yourself and your business unless you’re acutely aware of what you’re investing in. There are plenty of newfangled advertising trends and technologies, but do you know how they function, what data they store, and where they could potentially leave you vulnerable to attack?
OTT and CTV video advertising are the future. As you invest in strategies like these, research what’s working and what’s not working – and only partner with reputable companies that have robust security initiatives in place.
2. Conduct an Independent Audit
Make it a point to conduct independent audits of all company code from time to time. (Every few months is recommended.) This will allow you to make necessary improvements and close any loopholes that are making you vulnerable to outside infiltration.
3. Ensure Advertising and Security Overlap
It’s not enough to have an advertising strategy and a security strategy. If you want to stay protected, your advertising and security initiatives must overlap in profound ways. In large organizations, this means having more direct interaction and communication between these two departments. The goal should be to over-invest in security, so that it never becomes a problem for your business.
Adding it All Up
There is no perfect solution for thwarting ad threats. There are, however, plenty of techniques that can be stitched together to reduce the likelihood of becoming victimized by these devastating attacks. The hope is that this blog post has supplied you with some fresh insights into how you can move forward with clarity and boldness.