The dangers of malware are nearly as old as computers themselves, but the concept of malvertising is a relatively new one to businesses and consumers alike. While the term malware can mean malicious software of any sort delivered by any means, “malvertising” refers to the use of digital advertisements – including creative, tags and landing pages – specifically to distribute malware, often for financial gain.
The first known instance of malvertising dates to 2007, and criminal interest in using ads as a vector for malware attacks has grown slowly over more than a decade now. Malvertising is now a problem at scale, and the scope of that problem has doubled since 2017. Recent research suggests that nearly 1 in every 100 ad impressions are impacted by a malicious or disruptive ad – meaning that more than 20% of user sessions may be impacted by malvertising.
Malvertising degrades consumer trust in the digital advertising industry, and brands face significant financial risk if their ads are found to be “malvertising.” A recent survey of U.S. consumers conducted by the Brand Safety Institute (BSI) and the Trustworthy Accountability Group (TAG) found that 93% of respondents would reduce their spending on an advertised product if the ad had infected their computers or mobile devices with malware, and 73% would stop buying that product altogether.
Because each participant in the ecosystem has visibility into only their subset of the problem, preventing the delivery of infected ads can be challenging without industry coordination. The digital advertising industry has taken significant action to combat the problem of malvertising in recent years, and those efforts are beginning to show dividends.
Keeping ads clean of malicious code is a serious brand safety concern, but the fight against malvertising does not have to be a painful one. By instituting best practices, tightening our collective defenses against malware threats and building a threat-sharing culture throughout digital advertising, the digital advertising ecosystem can change the criminal equation and put an end to the malvertising attacks plaguing our industry today.
Among the best practices described in the White Paper, companies should:
Take responsibility and communicate their commitment by:
Choose the right partners through steps such as:
Work closely with partners to develop and execute their strategy by:
See the bigger picture beyond each individual company by: