Confiant has revealed that on 11 June it blocked the biggest single-day malware redirect ever seen. The attack lasted for more than 7.5 hours and Confiant claims it was blocking as many as 650,000 malicious impressions each hour. Each of those impressions sought to redirect the user to a site where malware would be installed.
Louis-David Mangin, CEO and Co-Founder, Confiant said: “June 11 saw our real time blocking rates peak at over 3x our quarterly average of 0.5 percent. These types of volumes are in no way trivial given their potential revenue impact and deleterious effect on user experience. More than a quarter of our publisher clients were affected by just this one attack.”
How damaging are malvertising attacks?
In July, Confiant protected more than 25 billion programmatic impressions from malvertising and fraudulent impressions across 2,200 sites. Confiant says that 2% of all impressions were subject to some form of attack. The attacks targeted both users and publishers. It saw:
- 1 in every 200 open market programmatic impressions were malicious redirects attacking users
- 3 in 200 were fraudulent in-banner video (IBV) impressions where the publisher’s display inventory was being misrepresented to video advertisers.
The attack was focused on mobile device users in the US. Confiant saw attacks on iOS (66%) and Android (34%). It also impacted over 1.84% of traffic in the US that was not protected by Confiant.
There is no detailed breakdown of this attack yet. What we need to know is:
- What sites were users being redirected to?
- How were the sites compromised?
- What malware were the attackers looking to install?
Earlier this year Confiant exposed the massive Zirconium attack. Was this attack a sign that Zirconium is coming back? Was Confiant seeing echoes of the Master134 attack recently detailed by Check Point?
What does this mean?
Malvertising attacks continue to occur because the rewards are so great. Cybercriminals have created complete business environments where they buy traffic, act as publishers and create the malware. They then use advertising agencies to help spread the malvertising to a vast number of smaller sites.
This attack differs from previous mega malvertising attacks that Confiant has seen. It targeted the very large publishers in a massive attack. The growing size of malvertising attacks appears to be mirroring the rise in DDoS attacks. This time Confiant was able to spot and severely restrict the damage. The question is, for how long?