Malvertising grows faster than advertising

RiskIQ has released its 2016 Malvertising Report (registration required). It shows a significant spike in malvertising across 2016 with growth more than twice that of 2015. This compares to growth in the legitimate online advertising market which was predicted to be less than 10% in 2016. That prediction came from eMarketer back in April 2016.

According to James Pleger, Director of Threat/Security Research, RiskIQ: “Malvertising is so nefarious because it’s a direct attack on the lifeblood of the internet as we know it. Digital media marketing is what funds the ‘free’ websites we all know and enjoy online.

“The success of the internet and all the people that rely on it is inextricably linked to online advertising success and safety. Publishers, ad platforms, and ad operations teams need active visibility, forensic information, and mitigation capability to enable them to effectively detect and respond to malicious ads in the wild.”

Malvertisers taking advantage of ad networks

The growth in malvertising should come as no surprise. Websites and successful blog sites are competing for revenue. Online advertisers have a lot of choice and are becoming savvy about the return on investment (ROI) that they want from their advertising spend. It is now all about attribution. If your site delivers nothing beyond the number of clicks then you will struggle for online advertising from the big spenders.

This leaves many people relying on advertising networks and aggregators. They take advertising and spread it across large numbers of sites. In February 2016, Malwarebytes revealed that the advertising networks of Google, AppNexus, AOL and Rubicon had been compromised. Large and small websites end up distributing malware through malvertising. In the last year we have seen the BBC, TMZ, MSN, New York Times, BBC, NFL and others. The malvertising often installs malware such as the Angler Exploit Kit and ransomware onto the computers of those who click on them.

Phishing and scams top the malvertising list

According to details from RiskIQ, growth in malvertising related to phishing was the biggest growth area last year. It grew from 39,848 to 828,402, an increase of over 19 times. As impressive as that growth is, the majority of malvertising is around scams. RiskIQ detected 4,619,794 malvertising related to scams, up from 488,000 in 2015.

Interestingly, only 177,451 malvertising attempts were related to malicious injections of code. This was less than half the 362,500 attempts to install scareware or browser lockers, a term that includes ransomware. While these attempts to install dangerous software are small they are growing.

Is malvertising driving the growth of Ad Blockers?

This is an interesting question. It is a market that has grown significantly for several reasons. RiskIQ says that web savvy users are aware of the threat of malvertising and are using ad blockers to protect themselves. This implies that there is cause and effect here. However it is hard to just blame malvertising.

Sites have been bombarding visitors with advertising in order to make money. This overload of advertising is the main reason users take advantage of ad blockers. It has also been driven by the major browser manufacturers including ad blocking technology into their own products.

Ad blocking also affects the visitor statistics for many sites. The technology often stops visitors being reported as being on the site and this affects the ability of those sites to attract advertising. For some sites, the money they make from advertising is their only income. They know users want access to free content but if those same users block the adverts that allow the site to be free they cannot continue to operate. The use of ad blockers has therefore sparked a major debate. Some sites like Forbes actively ask users to turn off their ad blocker or else they restrict access to content.

Conclusion

Malvertising is a major problem. It provides hackers with a way to get at end-users. They are using malicious ads to install code, phish for personal details and scam users. The security industry is getting better at spotting new malvertising networks. However, it also requires the advertising networks to do their bit by validating ads and preventing malvertising in the first place.