Malvertising is a massive, now mainstream problem. In August of 2015 we reported that malvertising was up 260%, on a prorated basis, between the first half of 2015 (450k) compared to all of 2014 (250k). Our numbers now show that malvertising is up over 300%, year over year, between 2014 (250k) and 2015 (1mil).
The recent Forbes.com incident and a string of other major publishing site attacks including: The Huffington Post, Askmen, The Daily Mail, and Drudge Report demonstrates that malvertising isn’t just a problem for small or niche web properties.
Malvertising negatively impacts the customer experience and motivates visitors to block online ads in order to protect themselves from infection. Approximately 17% of US ad blocker users do so because they are concerned about malvertising, according to a recent study conducted by EY on behalf of the IAB (Internet Advertising Bureau). It is estimated that $1.1bn is lost annually by advertisers and media companies because of ad blocking.
PageFair - in a report compiled with Adobe - estimated that ad blocking costs global publishers $22bn annually by negatively impacting customer experience and retention, and driving customers away from using sites.
Ad blockers are filling a void created by the the online advertising industry failing to police the ad networks. Ad blockers are bad for businesses, and poor advertising-network security practices are fueling their usage. Publishers that do not police their ads are encouraging users to block them or visit safer websites, which translates into substantial revenue loss.
Publishing digital ads has become standard practice on most websites. In many cases this is the first point of contact customers will have when they visit a web property. If this first point of contact is with a malicious threat - users will abandon a property for good.
For more details on the malvertising threats and how both website owners and ad network operators are policing their infrastructures to detect indicators of compromise and malware distribution campaigns, check out these resources:
https://www.riskiq.com/product/digital-advertising-security/malvertising-detection
https://www.riskiq.com/malvertising-external-threat-detection-online-publisher
