In the light of recent high profile malvertising attacks, the adtech industry is finding itself as a center of attention in respect to the ongoing malware epidemic. In this article we will cover how in fact it is the industry itself that to some extent is causing malvertising attacks to be possible.
HOW DO MALVERTISING ENTER ONLINE ADS?
Malvertising is made up of ads that in addition to delivering the ad creative, also deliver malicious payload targeting internet users. Using standard function of common ad platform, malvertising can be targeted in many different ways, for example:
In all of the cases, the mechanism and process are exactly the same:
To understand how this is possible and how exactly malware can get in to the system, we have to first understand how the adtech industry is structured.
The adtech supply-chain is principally made of 5 different stakeholders:
Out of these the user is a genuine victim.
The publisher is a minor cause due to irresponsible behavior in respect of working with too many 3rd-parties, including working with more than one exchange partner to increase yield, not having appropriate policies in place and by allowing 3rd-parties to act as conduits for nth-parties.
Exchanges are a slightly greater cause due to not having appropriate policies in place and by allowing 3rd-parties to act as conduits for nth-parties, not only in respect to tracking but also in respect to redirecting practices.
Demand side platforms are a far greater cause due to allowing through their platforms virtually any 3rd-party tag to be delivered together with ad creatives.
Trading desks and buyers can be broken in to two in this case; where the trading desk is acting as a conduit for the buyer/s, and where the trading desk itself is a buyer. Further these can be broken down in to two; where the trading desk is intentionally engaging in malvertising, and one where they are being used as a conduit for malvertising.
In simplistic terms, the way the supply-chain operates in terms of transactions is also important to understand:
There are 4 different modes in which this process takes place:
1. single exchange – no exchange redirects
2. multiple exchange – no exchange redirects
3. single exchange – exchange redirects
4. multiple exchange – exchange redirects
The most complex of the four modes in which malware delivery take place within the online advertising eco-system, is also by far the most common. Arguably more common than the three others combined. A point indicative of the structural issues acting as a cause to the malvertising problem.
ROLES AND RESPONSIBILITIES OF VARIOUS ADTECH COMPANIES