Bad News for Ads: Forbes Malvertising Attack Bolsters Ad Blocking

External Threat Management

Bad News for Ads: Forbes Malvertising Attack Bolsters Ad Blocking

January 14, 2016

By Steve Ginty

Malvertising is a massive, now mainstream problem. In August of 2015 we reported that malvertising was up 260%, on a prorated basis, between the first half of 2015 (450k) compared to all of 2014 (250k). Our numbers now show that malvertising is up over 300%, year over year, between 2014 (250k) and 2015 (1mil).

The recent Forbes.com incident and a string of other major publishing site attacks including: The Huffington Post, Askmen, The Daily Mail, and Drudge Report demonstrates that malvertising isn’t just a problem for small or niche web properties.

Malvertising negatively impacts the customer experience and motivates visitors to block online ads in order to protect themselves from infection. Approximately 17% of US ad blocker users do so because they are concerned about malvertising, according to a recent study conducted by EY on behalf of the IAB (Internet Advertising Bureau). It is estimated that $1.1bn is lost annually by advertisers and media companies because of ad blocking.

PageFair - in a report compiled with Adobe - estimated that ad blocking costs global publishers $22bn annually by negatively impacting customer experience and retention, and driving customers away from using sites.

Ad blockers are filling a void created by the the online advertising industry failing to police the ad networks. Ad blockers are bad for businesses, and poor advertising-network security practices are fueling their usage. Publishers that do not police their ads are encouraging users to block them or visit safer websites, which translates into substantial revenue loss.

Publishing digital ads has become standard practice on most websites. In many cases this is the first point of contact customers will have when they visit a web property. If this first point of contact is with a malicious threat - users will abandon a property for good.

For more details on the malvertising threats and how both website owners and ad network operators are policing their infrastructures to detect indicators of compromise and malware distribution campaigns, check out these resources:

https://www.riskiq.com/product/digital-advertising-security/malvertising-detection

https://www.riskiq.com/malvertising-external-threat-detection-online-publisher

https://www.riskiq.com/malvertising-outbrain

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event