Global ad tech, cybersecurity, and threat intelligence solutions provider, Confiant, released the 2021 year-in-review and fourth quarter edition of its industry benchmark report, the Malvertising & Ad Quality Index (MAQ). The report, in its fifth year, summarizes the state of quality, security and privacy in the global digital ad industry. In this report, Confiant analyzed a sample of more than 650 billion annual ad impressions (tracked more than 150 billion impressions in real time each quarter) monitored from January 1 through December 31, 2021, (representing tens of thousands of premium websites and apps) to compile this MAQ index.
Overall, for 2021, nearly one in every 125 ads were considered dangerous or disruptive to users, a significant increase that nearly doubled the rate from 2020. The overall industry security violation rate in Q4 matched that of Q3, which was previously the highest quarter of 2021. Compared to 2020, security issues declined slightly overall in 2021. However, the overall quality violation rate continued to increase over six consecutive quarters.
“Confiant has a unique vantage point overseeing the ad tech industry’s infrastructure, tracking, and acting to protect it from ad-based cybersecurity threats. What we have seen over the course of 15 reports in five years is that malvertising is increasing in technical and criminal sophistication as the financial incentives for the bad actors keeps increasing,” said Louis-David Mangin, CEO and Co-Founder of Confiant, Inc.
The report highlights how bad actors constantly shift tactics, to present new ad-based security threats. Criminal scams predominated in the first half of 2021, including: fake financial investments, crypto scams, false celebrity endorsements, Keto diet scams, malicious clickbait, Ponzi schemes, and cloaked ads that lure users to threat actors’ landing pages designed to steal their personal information and access finances. Fake downloads emerged as the top issue in September, only to be eclipsed by forced redirects and phishing scams in the last two months of the year. Fridays and Saturdays were the days of the week with the highest security violation rates, but the increase over the rest of the week was modest, particularly when compared to past years. Quality violations, those that disrupt or impair the user experience, include Heavy Ads, Auto Video, and Misleading Claims. For most SSPs, Heavy Ads and Auto Video tended to be the most prominent quality issues. Google performed well in these two areas but was also the main source of ads with Misleading Claims.
Also Read: Relo Metrics Launches Relo Baseline, To Offer Unprecedented Sponsorship…
“The shift in tactics to criminal scams and cloaked malvertising early in 2021 was not accidental, it represents an evolution in the strategies of cybercriminals. These shifts target unsuspecting users and the sites they visit through the misrepresentation of brands, platforms, and walled gardens.” continued Mangin.
“It’s important for enterprises and publishers to recognize the economic benefits to the bad actors behind this activity and take action to protect their users, customers, and organizations,” Mangin concluded.
European markets continued to be more prone to security issues in Q4. In Great Britain the security violation rate more than doubled from Q3 to Q4. Quality violations in Canada far exceeded all other markets. While Japan’s quality violation rate more than tripled from Q3, it is still comparatively low.
Of more than 100 SSPs that Confiant tracks, the 12 included SSPs represent where the vast majority global impressions originate. Each has been a source of more than one billion Confiant-monitored impressions per quarter, across the global sample. Most SSP’s security violation rates in Q4 echoed their year-long performance. Of the three notable exceptions who improved in lowering security violation rates in Q4, OpenX was one of the top performers for the quarter, as well as for the entire year.
The attack response time of SSPs is another key factor highlighted in the report. During Q4, OpenX kept their average response time to cyber attacks below one day, an extremely strong performance for the category.
Google Chrome had the lowest security violation rates of all browsers, across all platforms. Firefox for Windows was the worst performing desktop browser for security issues, while the integrated Facebook for iOS browser continued to be the worst on mobile platforms.