A new form of malvertising only impacts ads served via programmatic exchanges, and 87% of those attacks appeared in header bidding in the past few months, according to an ad security provider.
GeoEdge’s security team uncovered the malvertising that affects WebRTC, a commonly used server-less communications protocol, based on internal data monitoring tens of billions of impressions. The team reverse-engineered several scripts and deobfuscated the code used by the attackers.
The company estimates the loss for publishers this year at $325 million. About 84% of the attacks occur on mobile devices and 16% occur on tablets.
WebRTC, which is backed by Google, Mozilla, Opera and Microsoft, attempts to solve the complexities of managing browser-based real-time communication.
But WebRTC malvertising attacks are complex and can only be identified through behavioral analysis: because the communications protocol doesn’t run on a server, there is no domain to block.
Blocking domains is the most common way to stop malicious ads, according to the GeoEdge report.
The malvertising attack is launched through cloud services from companies like Amazon AWS or Microsoft Azure. The challenge is that blocking the cloud service will block all of the ads originating from it, even though 99% of the ads are safe.
Amnon Siev, GeoEdge’s CEO, believes that WebRTC malvertising highlights the industry’s need to add another layer of security and move beyond merely blocking offending domains. Brands need to rely on behavioral analysis technology that can uncover difficult-to-track malicious activities.