Is that Ad just Annoying, or is it Dangerous?

Ad fraud – what is it and how is it a serious cybersecurity threat?

That is what we set out to learn when we talked with Maggie Louie, Co-founder and CEO of DEVCON.  The term ad fraud may very well conjure up visions of a smarmy script kiddie in their parents’ basement deploying bots to run up illegitimate clicks on their affiliate network ads.  No doubt this is where this type of fraudulent activity gained notoriety, but we have come a long way from the days when ad traffic analytics could easily be fooled by bots.

Maggie told us, “The problem today is much greater than just ad fraud as we have traditionally thought of it.  Hackers have found ways to use the ad highway – that is the infrastructure and technology by which ads get onto websites – to exploit the ad tech ecosystem in various ways. This highway is conducive for money laundering, generating fake revenue, and for deploying large exploits.”

How big a problem is it?

What people don’t realize is that these malicious ads can do more harm than just cause annoying pop-ups.  They distract the audience and hurt revenue.  In many cases, they do more permanent damage with exploits like drive-by downloads. These ads will immediately pull down an executable file onto the victim’s computer. Once the file is downloaded, it can affect the victim’s machine and spread many types of attacks, including ransomware and viruses.

In recent years, the publishing and advertising industry has come under siege from ad fraud, and these growing attacks will cost the industry $19 billion this year alone. That’s $52 million a day. Researchers project that by 2022, that number will rise to $44 billion in annual losses, according to DEVCON.

What are the current hacker strategies?

There are many different techniques being used today.  Because of the level of arbitrage happening in this ecosystem, one thing that is easy for an experienced hacker to do is to hot-swap account tags to make it appear an ad is associated with a different account. This would be very hard to detect. This is just one example of a low-level exploit used to siphon off ad revenue.

A technique that is becoming more and more popular, and one we are likely to hear more about in the coming months and years, is the very dangerous steganographically-based attack. Maggie explained, “These are steganographic exploits that can be encrypted inside the actual ad creative itself by using the Stegosploit Toolkit to create polyglots. In this case, the image is being used to obfuscate any variety of attacks and deploy those en masse, for pennies.”

She continued, “The more advanced attacks may siphon off a little ad revenue, but what they are really doing are things like drive-by downloads or cryptomining. In our research, we have been able to distribute quite a few advanced exploits using these techniques.”
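
A polyglot creative has to parse as both an image and markup, so the structure of the image file is one place a defender can look. The following Python check is an added example, not DEVCON's code and not something described in the interview: it walks a PNG's chunks and flags CRC mismatches, bytes after IEND, and markup tokens anywhere in the file. The token list and both sample images are constructed for illustration, and the check is a heuristic that does not examine pixel data.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Tokens a browser would need to see to treat the bytes as active content (assumed list).
MARKUP = (b"<script", b"<html", b"<iframe", b"<svg", b"javascript:")

def chunk(ctype, payload=b""):
    """Serialize one PNG chunk: length, type, payload, CRC-32 of type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def inspect_creative(data):
    """Return findings for a PNG ad creative; an empty list means nothing was flagged."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos + 12 <= len(data) and not seen_iend:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            findings.append("chunk length runs past end of file")
            break
        payload = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != stored_crc:
            findings.append(f"bad CRC in {ctype!r} chunk")
        seen_iend, pos = ctype == b"IEND", end
    if seen_iend and pos < len(data):
        findings.append(f"{len(data) - pos} bytes after IEND")
    elif not seen_iend and not findings:
        findings.append("no IEND chunk")
    hits = [m.decode() for m in MARKUP if m in data.lower()]
    if hits:
        findings.append("markup tokens in file: " + ", ".join(hits))
    return findings

# Constructed samples: a 1x1 grayscale PNG, and the same image with markup in a
# text chunk plus bytes appended after IEND.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = PNG_SIG + IHDR + IDAT + chunk(b"IEND")
SUSPECT = (PNG_SIG + IHDR + chunk(b"tEXt", b"Comment\x00<script>/*constructed*/</script>")
           + IDAT + chunk(b"IEND") + b"<!-- constructed trailer -->")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, inspect_creative(blob))
```

A clean result here only means the file is a structurally tidy PNG with no obvious markup; it says nothing about data hidden in the pixels themselves.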

What’s a security professional to do?

This, of course, raises the question: what can be done to protect against these advanced steganographically-based attacks?

Maggie addressed this question, “At DEVCON we cater to publishers and ad networks. We protect the publisher, the consumer, and the ad network from these bad ads that are getting filtered in. We filter them out such that the ad revenue continues to run. Ours is a cloud-based solution so the architecture is extremely simple; just a small Java snippet run on either the page or ad server and takes about five minutes to set up. It allows us to provide real-time remediation.”

“I think that it is important for the cybersecurity community to really start focusing on this problem and look at it more seriously and closely. For a long time, the thought has been that these were really just annoying ad problems, not cybersecurity problems. But as the cyber community begins to understand the types of exploits that are making their way through these pipes, the faster real change can take place.  It’s the lack of cyber oversight that is generating this big back door through the ad ecosystem. What’s going on in the ad tech world really does pose a major threat,” she said.

DEVCON’s FREEDOM for MEDIA initiative will give free access to the DEVCON platform and tools to thousands of publishers. FREEDOM for MEDIA will not only give free support to publishers but, through mass publisher use, will be the focus of an industry-wide study that will be presented at the 2019 Mega Conference along with a white paper documenting the biggest risks and losses from the publisher side of the problem.


By: Steven Bowcut, CPP, PSP, Brilliance Security Magazine Editor-in-Chief.