Don’t give your ad budget to cybercriminals
Author Jihane Abid writes about this in her (Dutch) blog on Computable. She is international account manager at G DATA CyberDefense. G DATA developed the world’s first antivirus software in 1987 and will also be present as an exhibitor at Cybersec Europe 2022 on May 11 and 12 in Brussels.
In ad fraud, cybercriminals usually use bots, computer programs that mimic human behavior. Such bots can be deployed in numerous ways. Sometimes cybercriminals hide ads in malicious apps. Such apps skillfully hijack Android devices without the user realizing it. The devices are then used to generate ad clicks. These ads not only generate revenue, but can also redirect to malicious websites.
Another form of ad fraud is clickjacking, also known as a UI redress attack. In clickjacking, visitors think they are clicking on a legitimate button, but in reality they are clicking on a transparent overlay. In reality, they are clicking on a different ad, which is how the cybercriminals make money.
In addition, malvertising is also commonly used. In this tactic, online ads are used to spread malware (malicious software). Banners are tagged with codes that unwittingly install plug-ins, viruses and tracking cookies on victims. By using ad networks, these malicious ads can be spread quickly.
Besides actively spreading advertisements themselves, malvertising often hitchhikes on existing banner campaigns. Leaks in software platforms to fill banner positions can be abused to add extra code to existing banners. The malware that is installed unnoticed can have different objectives. Sometimes they install spyware that can be used to derive information and keystrokes, to commit identity fraud or loot someone’s bank account. But most often it involves installing ransomware, which takes the device hostage and requires the owner to transfer a sum of money to regain control.
Preventing Advertising Fraud
Although the advertising and security industries are working hard on solutions to such forms of cybercrime, you can also take some simple measures yourself. For example, advertisers would be wise to always check whether the publisher has implemented an ads.txt file. An ads.txt file increases transparency by making clear in a publicly accessible text file which system a publisher uses to sell advertising space and who is allowed to sell it on to which systems. As soon as the publisher has implemented ads.txt, everyone can view this file by placing ‘/ads.txt’ after the domain.
In addition, it is important to regularly check the ip addresses that are linked to the ad clicks. If strange patterns are noticed, such as a surge of clicks from a particular ip address or location, then click fraud may be occurring. Once the ip addresses are identified, it is usually possible to block them through the publisher.
Websites that place the ads would do well to take measures as well. Before ads can be placed, they usually need to use various third-party cms plug-ins, extensions and scripts to extend the functionality of their site. Such tools are often open source. This offers advantages, except that the software is more likely to be outdated and contain security vulnerabilities that cybercriminals can exploit. Moreover, after modifications certain modules or plug-ins may no longer be used. Therefore, regularly check all plug-ins and modules of the website.
Visitors to websites and users of apps should also pay close attention. Anyway, it is wise (for everyone) to always keep the software up to date and patch all devices. Users can also block ads. There are several plugins that will stop you from seeing ads, such as the AdBlock Plus and Ublock.
Additionally, it is smart to block trackers through add-ons like Ghostery or Privacy Badger. Additionally, make sure employees understand the techniques and different forms that cybercriminals use. In this way, risks and attacks can be detected and action can be taken more quickly. An e-learning training course is ideal for this. Since ad fraud often occurs after cybercriminals have penetrated the network, it is important to secure the network and look for signals preventively. Therefore, perform regular network scans with modern security solutions, which are equipped with intelligent mechanisms such as: heuristics, behavioral analysis and exploit protection.
Although the above measures can ensure that we can prevent the various forms of ‘ad fraud’, we will not be rid of this phenomenon for the time being. The attacks are becoming more complex due to new technology and are also lucrative. Moreover, advertisers, publishers and visitors (who click on ads) are usually unaware of the risks. This is especially important for advertisers, so that their ad budget does not disappear into a bottomless pit.
Register for free for Cybersec Europe 2022
Interested in the future of cyber security? With keynotes from security experts like Mikko Hypponen, hacking experts like Tobias Schroedel and inspiring sessions from innovative and leading organisations, Cybersec Europe, former Infosecurity.be, Data & Cloud Expo, will be a 2-day all-round IT-security event at Brussels Expo on 11 and 12 May.