Advertising has long been a vector for nefarious actors ranging from organized crime to a variety of other bad actors, but the proliferation of digital media and especially the programmatic advertising marketplace has given rise to increasing opportunities for purveyors of "malvertising" -- digital ads served to unsuspecting users that spread malware, compromise computer systems and harm consumers, publishers and platforms.
And while the magnitude has been difficult to benchmark, much less track, weakening advertising marketplace conditions are projected to accelerate the proliferation of malvertising, according to the first of what is planned to be an ongoing series of "threat assessment" reports published for the ad industry by the Trustworthy Accountability Group (TAG).
"Internet users remain largely unaware of the threat of malicious and low-quality advertisements on popular and trusted websites, social media platforms, and within search engine results because traditional cybersecurity training programs focus almost exclusively on the dangers of social engineering attacks via email and text messages - a gap that cybercriminals are increasingly using to their advantage," reads the first report in the series, "Exploiting Social Engineering Tactics On The Rise In Malvertising," which was published in July, but is being released broadly today by TAG.
The reports, which are generated by TAG's Malvertising Threat Exchange -- a group of both supply- and demand-side platform cybersecurity and threat assessment experts who come across new and evolving forms and purveyors of malvertising -- which meets monthly.
TAG plans to publish and distribute the reports quarterly, at least to start.
The first report reads more like a primer of the rapidly evolving malvertising marketplace, including a succinct glossary explaining the main methods used to propagate it.
In addition to malvertising, it defines related nefarious practices, including:
While the report does not explicitly benchmark the magnitude or growth rate of malvertising, TAG Vice President of Threat Intelligence Mike Lyden told MediaPost that reputable cybersecurity industry experts estimate that overall phishing is expanding at rate of "35% to 50%" annually, and that malvertising likely is growing at an even faster rate, because the digital advertising ecosystem is so easily exploitable.
The new TAG report suggests 2023 will likely be on the high end of that growth spectrum due to the slowdown in the overall advertising marketplace, which creates more abundant supply opportunities for bad actors.
"Market conditions increase opportunities for bad ads," the report warns, adding: "The ad tech industry is seeing a slowing growth rate in global ad spending due to economic uncertainties, which may give cybercriminals more opportunities to enter the ad ecosystem and take advantage of the current market conditions."