New Security Report! The Vulnerabilities in Native Advertising
March 14, 2017
GeoEdge has released the security report, The Vulnerabilities in Native Advertising. Many publishers are not aware that native ads do not reduce the threats of malvertising. The risk is, actually, even more acute. This reports takes a critical look at the issues, from user security and malvertising threats to ambiguity and proper disclosure.
This format relies on scripts to handle delivery and targeting, and these introduce a wide range of security risks that need to be addressed. The current malvertising security threats are already severe.
Summary of findings:
There is a high risk for malvertising in the post-click, specifically in the landing page.
As native advertising units are basically scripts created to handle delivery and targeting, it is relatively easy for malware purveyors to insert malicious third-party scripts and codes.
Automated tools are used to discover third-party landing sites used in native ad campaigns and the attackers hijack those pages.
Cybercriminals create ad campaigns with clean content and once the campaign is successfully running, they activate the malicious code in the landing page to infect the user.
Cybercriminals often create target specific attacks. Targeted users are driven and or redirected to a malicious landing page from the native ad, while non-targeted users are shown a clean landing page.
"Native advertising is fast becoming one of the more preferable ways to monetize publishers' inventory. However, many publishers are not aware that native ads do not reduce the threats of malvertising. The risk is even more acute as users may lower their guard when interacting with these ads," said Amnon Siev, CEO. "GeoEdge stands ready to protect publishers and their users from native malvertising."
GeoEdge provides publishers, platforms and networks with full-scale malware protection and ad quality verification for online, mobile, video and native ads.