The dangers of malware are nearly as old as computers themselves, but the concept of malvertising is a relatively new one to businesses and consumers alike. While the term malware can mean malicious software of any sort delivered by any means, “malvertising” refers to the use of digital advertisements – including creative, tags and landing pages – specifically to distribute malware, often for financial gain.
Malvertising is now a problem at scale. Recent research suggests that despite improvements in the digital ad landscape, nearly 1 in every 100 ad impressions were still impacted by a malicious or disruptive ad, suggesting that more than 20% of user sessions may be impacted by malvertising. The financial impact of malvertising has grown apace as well. In 2018, it was estimated that the industry lost $210 million annually to auto-redirects, and another $920 million from the ads auto-redirects facilitated with click fraud.
TAG coordinates an industry-wide effort to improve defense against malware to create a safer, more enjoyable experience for consumers and a more trustworthy system for advertisers. In 2017, TAG became the Information Sharing and Analysis Organization (ISAO) for the digital advertising industry, a Department of Homeland Security designation making TAG the primary forum for sharing threat intelligence in our industry.
Since 2014, the Trustworthy Accountability Group (TAG) has partnered with industry leaders to design and strengthen the Certified Against Malware Program, providing companies with a roadmap for taking on the complicated issue of malvertising.
The recent Brand Safety Consumer studies, conducted jointly with the Brand Safety Institute (BSI), found that over 80% of UK and US consumers would reduce their spending on an advertised product by more than half if the ad had infected their computers or mobile devices with malware – and over 57% would stop buying that product altogether.
This consumer behavior trend definitely caught the attention of digital advertisers, resulting in a significant increase in the implementation of industry best practices against malware since the Certified Against Malware program began.
First published in November 2022, the Malvertising Taxonomy was created to help standardise the definition of Malvertising within digital advertising. Developed in collaboration with the TAG Community, the taxonomy includes:
The TAG Threat Exchange enables the TAG Community to share real-time intelligence about threats they see, stay abreast of new and emerging threats that could affect their operations, and protect the digital advertising supply chain as a whole.
Powered by TruSTAR technology, the Threat Exchange enables companies to:
While the concept of sharing threat intelligence is fairly new to the digital advertising ecosystem, the industry has already enjoyed several huge wins against malvertisers thanks to companies sharing information about the threats they uncover with one another and partnering with law enforcement to take down the criminal rings responsible.
If your company is interested in participating in TAG's Threat Exchange program, send an email to info@tagtoday.net requesting more information.
[W]e also shared intelligence with other key players in the digital ad ecosystem through the Trustworthy Accountability Group (TAG) Threat Exchange.
By presenting information about persistent and malicious third-party code in the TAG malware group, there is a network effect that occurs. Working together with customers and the industry, our goal is to greatly reduce the impact of these types of large-scale attacks across the advertising ecosystem.
Chris OlsonThe Anti-Malware Working Group coordinates industry-wide efforts to improve defense against malvertising attacks to create a safer, more enjoyable experience for consumers and a more trustworthy system for advertisers.
TAG malware-related research highlights the challenges, successes and best practices vital to wining the fight against malvertising.
October is Cyber Awareness month and TAG are Cyber Champions!
What does Cyber Champions mean?
This means that throughout October, we'll be sharing tips, cheat sheets and more on how you can stay #CyberSmart and #CyberSafe.
Head to the Cyber Awareness Month Page to get the information you need!
For 2022, TAG is RSAC's Association Partner!
Attend expert-led sessions, inspiring Keynotes, innovation programs, and much more! Join us at RSAC 2022 on June 6-9, in person in San Francisco or virtually.
TAG Members have access to an exclusive discount for passes to the event. Please email us at info@tagtoday.net to request the code.
