Confiant and Colossus Team Up to Take Down Malvertising

The ad industry is facing a growing threat: malvertising.

CNBC reported in September that malvertising—hackers using online ads to carry viruses, basically—is becoming more prevalent than ever. In response, Colossus, an SSP focused on diverse publishers, and cybersecurity firm Confiant announced a partnership at Advertising Week to do their part to combat the rising tide of malicious ads.

According to a joint release, Colossus will use Confiant’s tech to “monitor and block” these ads across its inventory, targeting threats like malicious code and misleading ads that work to scam users. While Colossus already has its own ad QC in place, Confiant’s platform gives the SSP more tools as it manages inventory for over 21,000 publishers and sees billions of impressions every month.

Confiant and Colossus say the partnership has worked, bringing security issues in ads from an industry average of 0.19% to under 0.002%. This means, according to Colossus, ads served across its network are 20 times safer than industry norms.

Why This Matters:

Malvertising, when bad actors inject malicious code into legitimate ad networks, is a growing cybersecurity threat, says Confiant, with 1 in every 79 ad impressions containing security or quality issues. The financial impact is equally alarming, with consumers in the U.S. losing over $12.5 billion to malicious ads each year.

Malvertising has grown into a bigger problem with the rise of programmatic. That shift made it easier for malicious ads to slip through, as automation challenges publishers and platforms — from SSPs to Meta — to vet each ad before it reaches the end user. According to Confiant, malvertisers are even exploiting ad data to better target malicious ads. So, relevant ransomware, essentially. 

Beyond Colossus, Confiant partners include platforms, like Magnite, Adform, and Pubmatic, and publishers, like Complex, Axel Springer, and Politico.

Experts React:

In August, the Justice Department announced the extradition of a cyber criminal charged with running malvertising and ransomware schemes internationally. He, along with co-conspirators, allegedly used malvertising to infect millions of unsuspecting users with malware and “scareware” — tech that scares you into sharing your data — through what looked like legitimate ads.

According to U.S. Attorney Philip R. Sellinger, “victims would be redirected to malicious internet sites that delivered malware to their devices, giving the conspirators access to the victims’ personal information. The conspirators then sold that access and information to other cybercriminals on the dark net. Throughout the scheme, the conspirators attempted to hide their identities from law enforcement, including by using fraudulent aliases and online personas.” Scary stuff.

Our Take:

The partnership between Confiant and Colossus shows that malvertising, often mistaken for ad fraud, has grown into a more dangerous and complex problem in recent years. The current environment is also especially vulnerable to the problem. Between the election-driven ad surge and varying levels of ad QC on social platforms, a rise in malicious ads has to be expected.

X is a good example. After the platform gutted its quality control systems, bad actors exploited its ad system to promote sites linked to crypto drainers, fake airdrops, and other scams. Cryptocurrency, in particular, has become a prime target for scam ads due to the potential windfall for bad actors, as well as the difficulty in tracing transactions.
