Dive Brief:
- An Interactive Advertising Bureau (IAB) report from November found malvertising is responsible for more than $200 million in lost ad revenue.
- Even though ad fraud and ad blocking are main concerns for digital marketers, malvertising is potentially more damaging for publishers serving ads that expose website visitors to cybercriminals.
- This year cybersecurity researchers found malvertising on the Huffington Post, Forbes, Yahoo and the Daily Mail.
Dive Insight:
With all the attention paid to ad blocking and digital ad fraud, malvertising isn’t always part of the conversation even though it’s a multi-million dollar drain on ad revenue, according to the IAB. And in a way it’s worse for publishers that serve malvertising ads because the bad user experience very possibly extends into actual criminal activity.
Malvertising ads are slipped past ad tech servers through one technique called “conditional triggering.” This presents an otherwise clean ad to a security check that activates later on in a small window. Jérôme Segura, senior security researcher at Malwarebytes, told Ad Exchanger, "(Malvertising) campaigns are active for ten minutes during the day. But for people testing the ad in their lab. If they’re not testing during that window, they’ll miss it."
Malvertising is often deployed late at night or on weekends when there is less manual monitoring of digital advertising.
Concern around malvertising has grown so much ad tech players are upping their defenses against it -- as well as polishing their pitches with solutions. For instance, First Slice Media even swapped ad tech vendors to engage:BDR based on anti-malvertising pitches.
"We’re a small startup, so when we partner with engage, they’re practically our top-to-bottom solution," First Slice Media CEO Branden Hampton told Ad Exchanger.