The ad tech industry created far more efficient means for both publishers and advertisers to meet their objectives. By utilizing programmatic buying and third-party data tools, advertisers have gained tremendous targeting and segmentation capabilities that a decade ago, we could never have imagined.
Publishers have added new revenue streams and increased CPMs on their inventory, becoming a more attractive option for advertising budgets.
Yet these gains have not come without strings attached. The industry has also created a variety of risks and vulnerabilities, one of the most problematic issues being malvertising attacks.
In March 2016, multiple web publishers, including AOL and BBC, were simultaneously attacked by cybercriminals pushing malicious ads that contained a variety of viruses and ransomware.
The attack, perhaps shockingly for some, compromised top automated ad networks and displayed malware-laced banner ads on high-traffic, reputable websites.
In order to be infected, all a user needed to do was surf the webpage that contained one of these malicious ads.
The attack quickly reached tens of thousands of computers within the U.S. alone. The end result: Millions of users were staring at screens demanding payments in bitcoin in exchange for recovering important files.
The facts: It’s become relatively easy and profitable for a hacker or group of hackers to inject malicious code and implant a virus or ransomware. The United States Department of Justice indicated there were, on average, 4,000 ransomware attacks per-day in 2016.
The frequency and scale of these attacks are already creating disarray in the industry.
On top of brand-safety issues, advertisers and publishers are increasingly worried about what ransomware and malvertising attacks can do to their already fragile reputations. Publishers are getting flack about brand safety and a variety of fraud issues.
What would it mean if advertising became even more undependable and unsafe? And consumers, already prone to downloading ad blockers, are more fearful than ever of visiting unsafe sites and protecting their personal information.
Fast forward to 2017, the situation has only become more alarming.
In March, ransomware attacks were up by 500%.
In May, the infamous WannaCry ransomware cryptoworm took the digital world by storm. Perpetrated by an unknown group of hackers, it held organizations like Telefonica in Spain, the National Health Service in the U.K., and Fedex in the United States hostage by infecting their digital assets, often with malicious links. The hackers’ demands? Payment in Bitcoin.
Confirmed as the largest ransomware attack in history, WannaCry combined the use of publicly available exploits with worm-spreading functionality to infect hundreds of thousands of Windows computers around the world.
According to security experts, the chief culprit was drive-by downloads (malicious links on sites) and/or e-mail phishing. The attack was a game changer, a paradigm-shifting event for the advertising world.
To a large degree, WannaCry was contained because of a flaw in the code that allowed independent analysts to register domains that acted as kill-switches. This gave Windows users enough time to apply an update in order to stop the attacks.
However, security experts warn that things will only get worse before they get better. Experts are saying the WannaCry vulnerability still lives on in unpatched systems — the next attack may not have such an effective kill-switch.
This was more than just a nightmare for businesses around the world, it was a wakeup call. Our industry needs reform.
Reform that will protect publishers, advertisers and users before things get bad. Reform that will ensure a safe and high-quality digital environment. Our industry's revenues and future depend on it.
The multibillion dollar question remains: How quickly can we as an industry bring this much needed reform?