The dangers of malware are nearly as old as computers themselves, but the concept of malvertising is a relatively new one to businesses and consumers alike. While the term malware can mean malicious software of any sort delivered by any means, “malvertising” refers to the use of digital advertisements – including creative, tags and landing pages – specifically to distribute malware, often for financial gain.
Malvertising is now a problem at scale. Recent research suggests that despite improvements in the digital ad landscape, nearly 1 in every 100 ad impressions were still impacted by a malicious or disruptive ad, suggesting that more than 20% of user sessions may be impacted by malvertising. The financial impact of malvertising has grown apace as well. In 2018, it was estimated that the industry lost $210 million annually to auto-redirects, and another $920 million from the ads auto-redirects facilitated with click fraud.
TAG coordinates an industry-wide effort to improve defense against malware to create a safer, more enjoyable experience for consumers and a more trustworthy system for advertisers. In 2017, TAG became the Information Sharing and Analysis Organization (ISAO) for the digital advertising industry, a Department of Homeland Security designation making TAG the primary forum for sharing threat intelligence in our industry.
Since 2014, the Trustworthy Accountability Group (TAG) has partnered with industry leaders to design and strengthen the Certified Against Malware Program, providing companies with a roadmap for taking on the complicated issue of malvertising.
A survey of U.S. consumers conducted by the Brand Safety Institute (BSI) found that 93% of respondents would reduce their spending on an advertised product if the ad had infected their computers or mobile devices with malware – and 73% would stop buying that product altogether. The digital advertising industry has reacted to that consumer attention with greater vigilance and a strengthening of anti-malware practices, and the number of companies holding the Certified Against Malware Seal grew by more than 44% in the past year alone, making it TAG’s fastest growing certification program.
The TAG Threat Exchange enables the TAG Community to share real-time intelligence about threats they see, stay abreast of new and emerging threats that could affect their operations, and protect the digital advertising supply chain as a whole.
Powered by TruSTAR technology, the Threat Exchange enables companies to:
While the concept of sharing threat intelligence is fairly new to the digital advertising ecosystem, the industry has already enjoyed several huge wins against malvertisers thanks to companies sharing information about the threats they uncover with one another and partnering with law enforcement to take down the criminal rings responsible.
If your company is interested in participating in TAG's Threat Exchange program, send an email to email@example.com requesting more information.
[W]e also shared intelligence with other key players in the digital ad ecosystem through the Trustworthy Accountability Group (TAG) Threat Exchange.
By presenting information about persistent and malicious third-party code in the TAG malware group, there is a network effect that occurs. Working together with customers and the industry, our goal is to greatly reduce the impact of these types of large-scale attacks across the advertising ecosystem.
The Anti-Malware Working Group coordinates industry-wide efforts to improve defense against malvertising attacks to create a safer, more enjoyable experience for consumers and a more trustworthy system for advertisers.
TAG malware-related research highlights the challenges, successes and best practices vital to wining the fight against malvertising.
For 2022, TAG is RSAC's Association Partner!
Attend expert-led sessions, inspiring Keynotes, innovation programs, and much more! Join us at RSAC 2022 on June 6-9, in person in San Francisco or virtually.
TAG Members have access to an exclusive discount for passes to the event. Please email us at firstname.lastname@example.org to request the code.