Risk

1/19/2016
03:30 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Bots Will Inflict $7.2 Billion In Fraud On Digital Advertisers In 2016

Fraudsters see a gold mine in online ad ecosystem.

Despite heightened awareness about digital ad fraud, criminals operating massive botnets continue to completely game the online advertising marketplace. A new report today by WhiteOps and the Association of National Advertisers (ANA) shows the bot masters are making billions of dollars by tricking advertisers into thinking more people viewed and clicked their ads than actually did.

In its second year running, the 2015 Bot Baseline study examined over 10 billion online advertising impressions from dozens of brands across hundreds of campaigns for two months. The study showed that the average brand suffered $10 million in damages. By extrapolating the rate of fraud across the industry, WhiteOps estimates that bots will inflict $7.2 billion in damages to digital advertisers in the coming year.

That's higher than in 2014, when advertisers worldwide lost $5 billion, and within the range of the predicted rate of loss for 2015 concluded in the first report conducted by WhiteOps and the ANA.

The criminals use these bots against advertisers by infiltrating systems at numerous points in the digital advertising ecosystem. With much of today's advertising world run by automated systems and complicated advertising platforms, the fraudsters have figured out how to either use bogus sites that serve up ads to phony "viewers" that are actually just bots, or through unethical traffic sourcing or audience extension services used by publishers who need to boost traffic in order to fulfill inventory requirements promised to advertisers. In the second case, that relationship could be engaged knowingly or ignorant of that third-party's links to shady bot practices.

"Advertising fraud has the curious status of almost seeming legitimate; you couldn’t expect to get away with raiding a bank account or accessing someone else’s Gmail account, but defrauding advertisers, even by using the host user’s identifying cookies, doesn’t seem nearly as criminal," says Dan Kaminsky, co-founder and chief scientist for WhiteOps, explaining that end users see little impact from the fraud while bot operates rake in the cash.

"Many do not even operate their own infrastructure. So this sort of fraud has a surprising number of  'legitimate' participants," Kaminsky says. "We’ve found companies where not everyone at the company knew they were fraudulent operations."

Some bots afflicting advertisers are not necessarily technically sophisticated, but most ad fraudsters operate with a high degree of sophistication in their knowledge of the way digital ads are bought and sold. For example, bots target programmatic advertising 73% more than average. Most specifically, the more expensive programmatic video ads that reap more profitable gains from bot operators saw a 273% higher bot rate than average.

Similarly, bot operators home in on targeted campaigns based on demographic or geographic quotas because advertisers pay more for impressions in these cases. Some targeted campaigns saw a prevalence of twice as many more bots than others. 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
1/25/2016 | 10:56:08 PM
Ad Earning Analysis Programs
One aspect of this is the depressing nature of businesses that "don't know" or "don't realize" a particular aspect of their business has either gone awry, hijacked by malicious players, or is actually illegal but being managed by staff who are not aware of it.

Companies who have large amounts of money tied up in adverts should have intelligent applications monitoring, data mining and analyzing what ads are being farmed, what activity surrounds those ads and how much income is ultimately associated with it.  Intelligent programs will highlight when actual earnings do not match up with the actual activity.

Of course, this assumes a real company having their ads hijacked.  The same software could be used with some modifications to anticipate expected activity and feedback false information to meet expectation.

A fascinating area of cybercrime that demands more attention.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/23/2016 | 12:41:00 PM
Blocking
Digital advertisers whine and complain about consumers and users using ad blockers -- but this is why.  It's their own fault.  They need to clean up their own security acts to even begin to reinstill confidence, because one of the biggest reasons why people prefer to block ads is online ads' association with security risks.  (Java and Adobe Flash, anyone?)
Ilya Geller
50%
50%
Ilya Geller,
User Rank: Apprentice
1/19/2016 | 6:28:53 PM
Bots (children of the passed away Internet) may spam as much as they want ads shall not ever reach people.
Being structured advertisements search for people themselves, based on the people's profiles of structured data.

In the Cyberspace (which already replaces Internet) no way advertisements, spam can reach people who don't want, need them: patterns of ads and personal profiles won't match each other.

Why 'replaces Internet'? Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'

The only distinction between Google (No)SQL and Oracle technologies was into statistics, the above weights - which Google obtains from Internet, so called 'popularity', while Oracle (before ATG) had either none or manually assigned. Now Oracle ATG gets the statistics internally, from inside data itself.

Internet is gone and bots (children of the passed away Internet) may spam as much as they want – ads shall not ever reach people.
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.