Risk

1/19/2016
03:30 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Bots Will Inflict $7.2 Billion In Fraud On Digital Advertisers In 2016

Fraudsters see a gold mine in online ad ecosystem.

Despite heightened awareness about digital ad fraud, criminals operating massive botnets continue to completely game the online advertising marketplace. A new report today by WhiteOps and the Association of National Advertisers (ANA) shows the bot masters are making billions of dollars by tricking advertisers into thinking more people viewed and clicked their ads than actually did.

In its second year running, the 2015 Bot Baseline study examined over 10 billion online advertising impressions from dozens of brands across hundreds of campaigns for two months. The study showed that the average brand suffered $10 million in damages. By extrapolating the rate of fraud across the industry, WhiteOps estimates that bots will inflict $7.2 billion in damages to digital advertisers in the coming year.

That's higher than in 2014, when advertisers worldwide lost $5 billion, and within the range of the predicted rate of loss for 2015 concluded in the first report conducted by WhiteOps and the ANA.

The criminals use these bots against advertisers by infiltrating systems at numerous points in the digital advertising ecosystem. With much of today's advertising world run by automated systems and complicated advertising platforms, the fraudsters have figured out how to either use bogus sites that serve up ads to phony "viewers" that are actually just bots, or through unethical traffic sourcing or audience extension services used by publishers who need to boost traffic in order to fulfill inventory requirements promised to advertisers. In the second case, that relationship could be engaged knowingly or ignorant of that third-party's links to shady bot practices.

"Advertising fraud has the curious status of almost seeming legitimate; you couldn’t expect to get away with raiding a bank account or accessing someone else’s Gmail account, but defrauding advertisers, even by using the host user’s identifying cookies, doesn’t seem nearly as criminal," says Dan Kaminsky, co-founder and chief scientist for WhiteOps, explaining that end users see little impact from the fraud while bot operates rake in the cash.

"Many do not even operate their own infrastructure. So this sort of fraud has a surprising number of  'legitimate' participants," Kaminsky says. "We’ve found companies where not everyone at the company knew they were fraudulent operations."

Some bots afflicting advertisers are not necessarily technically sophisticated, but most ad fraudsters operate with a high degree of sophistication in their knowledge of the way digital ads are bought and sold. For example, bots target programmatic advertising 73% more than average. Most specifically, the more expensive programmatic video ads that reap more profitable gains from bot operators saw a 273% higher bot rate than average.

Similarly, bot operators home in on targeted campaigns based on demographic or geographic quotas because advertisers pay more for impressions in these cases. Some targeted campaigns saw a prevalence of twice as many more bots than others. 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
1/25/2016 | 10:56:08 PM
Ad Earning Analysis Programs
One aspect of this is the depressing nature of businesses that "don't know" or "don't realize" a particular aspect of their business has either gone awry, hijacked by malicious players, or is actually illegal but being managed by staff who are not aware of it.

Companies who have large amounts of money tied up in adverts should have intelligent applications monitoring, data mining and analyzing what ads are being farmed, what activity surrounds those ads and how much income is ultimately associated with it.  Intelligent programs will highlight when actual earnings do not match up with the actual activity.

Of course, this assumes a real company having their ads hijacked.  The same software could be used with some modifications to anticipate expected activity and feedback false information to meet expectation.

A fascinating area of cybercrime that demands more attention.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/23/2016 | 12:41:00 PM
Blocking
Digital advertisers whine and complain about consumers and users using ad blockers -- but this is why.  It's their own fault.  They need to clean up their own security acts to even begin to reinstill confidence, because one of the biggest reasons why people prefer to block ads is online ads' association with security risks.  (Java and Adobe Flash, anyone?)
Ilya Geller
50%
50%
Ilya Geller,
User Rank: Apprentice
1/19/2016 | 6:28:53 PM
Bots (children of the passed away Internet) may spam as much as they want ads shall not ever reach people.
Being structured advertisements search for people themselves, based on the people's profiles of structured data.

In the Cyberspace (which already replaces Internet) no way advertisements, spam can reach people who don't want, need them: patterns of ads and personal profiles won't match each other.

Why 'replaces Internet'? Oracle: 'Term weights represent an extremely powerful feature, and care should be taken when using them... terms in an index are automatically weighted based on their distribution in the indexed content.'

The only distinction between Google (No)SQL and Oracle technologies was into statistics, the above weights - which Google obtains from Internet, so called 'popularity', while Oracle (before ATG) had either none or manually assigned. Now Oracle ATG gets the statistics internally, from inside data itself.

Internet is gone and bots (children of the passed away Internet) may spam as much as they want – ads shall not ever reach people.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...