Malvertising, the use of online ads to spread malware, rose almost 19% from the first to the second quarter of this year, including a 131% rise in phishing related advertising.

RiskIQ in the first in a series of Q2 wrap-up reports with different threat themes Worldwide, malvertising continues to rise. In Q2 2017, RiskIQ scanned 18.65% more advertisements containing a blacklisted incident—phishing, scams, exploit kits, and malware—than Q1, continuing a trend highlighted in our 2016 report, which found a 132% increase in total malvertising in 2016 over 2015.

Malvertising has consistently risen since programmatic advertising gained popularity, but what's interesting is how the type of malvertising fluctuates quarter to quarter. According to RiskIQ detections, the total amount of malware in advertisements decreased by 42.73% from Q1, along with a 24.21% drop in exploit kits. In fact, exploit kits have been on the decline for the entire year.

However, while malware and exploit kits dropped, there was a 131.36% rise in phishing-related advertisements, marking a shift in tactics. Attackers seem to be placing less emphasis on dropping malware on unsuspecting victims and more on tricking them into clicking on deceptive ads that may lead to pages requesting sensitive data. In 2016, RiskIQ saw a massive increase in phishing malvertising, identifying 1,978% more incidents over 2015.

Meanwhile, our data shows a 36% drop in scams (disingenuous advertising), but it continues to be a favorite tactic of threat actors—RiskIQ detected well over a million incidents in Q2. We also detected 845.9% more scams in 2016 than 2015, and with good reason: threat actors like NoTrove, which we profiled in April, drive immense amounts of valuable traffic to their sites via vast scam networks. Their fraudulent landing pages (take a survey to win a free PlayStation!), are often ignored by typical malvertising detection methods because of the gray nature of their payloads but can grow to enormous sizes and degrade the quality of the internet.

Malvertising is so nefarious because it's a direct attack on the lifeblood of the internet as we know it. Partly fueled by the looming threat of malvertising, ad blocking in the U.S. will continue to temper the growth of digital advertising. According to eMarketer, ad blocking will grow by double digits. In 2016, 69.8 million Americans were expected to use an ad blocker, an increase of 34.4% over last year. In 2017, that figure is projected to grow by another 24%, to 86.6 million people.

To combat this problem, RiskIQ scans over 2 billion pages and nearly 20 million mobile apps per day, resulting in a curated blacklist of malicious ads from across the internet. This proprietary list sets RiskIQ apart, enabling customers to vet new demand sources and prevent malware within their ad infrastructure. RiskIQ is unique in that our crawling infrastructure allows us to capture the entire ad redirect chain and creative sources, which indicate which part of the ad-serving process was compromised, and helps us identify the entity responsible for the threat.

Learn more about how RiskIQ can proactively scan and track ads as they traverse the supply chain so you can empower your team to take immediate action to identify and remove malicious malvertisement hosts and advertisers from? your network or publisher website, minimizing the threat to your end users.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).