- Security TWENTY
- Women in Security Awards
Ad agencies, search engines and cybersecurity specialists should work collectively on the security threat from rising malvertising, it is claimed.
Ben Williams, Head of Operations and Communications at Adblock Plus, argues that without this, more users will be exposed to potential security compromises such as malware and phishing, and push further adoption of adblockers as a solution to these threats.
According to a report from digital threat management firm Risk IQ, in 2016, total malvertising rose 132pc since 2015. Some of the most notorious ads in the previous year included fake software at 70pc, scams at 845pc, and redirects to phishing pages at 1,978pc. With eMarketer reporting a 7.2pc growth in digital advertising in 2016 to $550.51bn, the increase in online ads, could also potentially increase the chances of users suffering a form of malvertising, he says.
Ben says: “While it’s positive to see digital ad spend increasing, if rising malvertising is a by-product, then it’s going to be detrimental for both users and the industry. The results coming from the Risk IQ report also seem to suggest a delayed response from advertising parties in tackling the issue, especially as the problem extends past websites, and directly onto users. If users are not protected, we’re going to see more people looking for ways to mitigate their security, which will naturally include anti-malware software and adblockers.”
Malvertising has been a growing problem, with third-party ad networks often responsible for embedding attacks in legitimate websites, Ben adds: “No victim of this was larger, and no example more ironic, than Forbes, who in early 2016 told their readers they would have to disable their adblockers to gain entry to Forbes.com – then served malware through some infected ads. Woops? Well, of course, but as a side note let’s not blame them here, because malvertising seems ever to be full of victims; you rarely see its authors – but, increasingly, users know they’re there and know how to keep them off their devices.”
In fact, Adblock Plus research conducted with HubSpot in 2016, found that nearly two-fifths (39pc) of respondents were using adblockers to address security concerns, while another 32pc were concerned about privacy. PageFair’s latest adblocking report also discovered that ad blocking usage soared 30pc in 2016, with security cited as the number one reason for people using an ad blocker (30pc).
On the growth of adblocking in response to security concerns, Ben says: “It’s clear that a real concern exists amongst users and if the proper defences are not in place then this will only escalate. Adblockers are a legitimate way to gain back control, but users are fighting against a sea of publishers installing adblocker-blockades, which are in fact hindering the user experience and increasing the chance of an infection.
“Malvertising is something that simply won’t go away overnight. The trouble is, it’s very difficult to eradicate completely, even for the best ad networks in the world. For practitioners of malware it offers a massive return on investment meaning more forms of malvertising, while on the other end of the spectrum, ads provide the monetary support for smaller and independent websites to remain live and active. If global ad spend is set to increase then there needs to be a sustainable effort made to keep users safe, but also provide relevant content. At the same time, the worrying surge in malware may serve as the stark call-to-action needed for the industry to come together and adopt new measures to tackle against this security threat.”
Read also blogs at adblockplus.org/blog/.