Webinar Replay: 2023 Malvertising Preview

Thanks to the due diligence of ad quality vendors, there are tools in place to ward off malvertising and bad actors. For example, forced redirects have decreased due to iframe sandboxing, more vendor adoption and better threat sharing.

However, that did not hinder bad actors from evolving new practices to keep up their schemes. There’s still a lot more work to be done before publisher sites are scam free. Lurking under secret holes in the open web, bad actors are finding innovative ways to attack both publishers and consumers. 

Now isn’t the time to become complacent. The industry as a whole should be on the lookout for these scams. You should be asking yourselves: How can I identify a malvertising scheme? What are the malvertising trends for the upcoming year? How can I play a role to help decrease the prevalence of these schemes? 

Confiant is a cybersecurity company that protects publishers and supply-side platforms from malicious actors and puts the control back in their hands to ensure the ads delivered to a website are safe and secure.

During our Nov. 30, 2022 webinar, 2023 Malvertising Preview, AdMonsters chatted with Confiant malvertising experts Jerome Dangu, CTO & Co-Founder, John Murphy, Chief Strategy Officer, and Eliya Stein, Sr. Security Engineer. They discussed the different types of malvertising scams, trends to look out for in 2023 and industry collaboration. (Watch the video below.)

How to Protect Yourself From Malvertising Schemes

  • At the core, malvertising scams are attacks on the supply chain. The more publishers are able to understand where these attacks are coming from, the more you can do. This will allow publishers to put better security in place to protect themselves and the consumer. 
  • It’s important to have a good strategy to process your consumer complaints.
    • Consumers’ needs are highly essential to the ad tech ecosystem and understanding their plight with scams will increase the overall UX . 
    • Conduct yearly surveys to see how well your site has thwarted advertising scams. Report the good, the bad and the ugly. Where did we do well and where did we go wrong? 
  • There’s a lot that publishers can do with partner selection. Work with security firms such as Confiant who have the knowledge and skill sets to help prevent malvertising scams. 

Looking Toward 2023 

Each panelist was asked to give a final takeaway to leave the audience with as they all look toward fighting the good fight against malvertising scams in 2023. Here is what each one had to say: 

Eliya Stein. Publishers should be careful with what they actually put on their page. Stein honed in on the group’s previous point about supply chain attacks, and said this was an issue that  goes beyond ad tech. 

  • For example, “If you are updating a blog post or embedding JavaScript from somewhere that adds some kind of widget. All of these broaden the threat surface for publishers. You have to be very careful with what you introduce onto your website, especially if its code comes from an attacker.”

Jerome Dangu. There is a convergence between advertising, privacy compliance and how tracking is leveraged by bad actors. He highlighted a study that was conducted this year in which they found an attack whose sole purpose was to extract consumers’ device fingerprints and geolocations. 

  • “Obviously, big security, big privacy concerns. But also you have a broader issue about who is collecting the data. We know that the bid stream is a very sensitive source of chunks of data that’s available to DSPs at large. This group essentially recreated a semblance of a bid stream from JavaScript execution in the ad creative using really sophisticated obfuscation and extracting this fingerprint data through actual consent pipes. So very sophisticated attacks.” 

John Murphy. Publishers, especially premium publishers, shouldn’t forget the leverage they have. They provide access to users. Both SSPs and DSPs need them and they should use that leverage to help to affect change in the industry. 

  • For instance, “The top publishers came down and said we really think buyers.json and DemandChain Object are really important for the industry. For increasing transparency and addressing some of these issues. That’s when you get SSPs to move. By proxy, that’s going to get the DSPs to move because they want to maintain access to those premium publishers and their users. Don’t forget the power that you have as a premium publisher.” 

Watch the full webinar in the video player above, or on our AdMonsters Webinars On-Demand Platform.