Team Confiant

 •  4 minute read

Malvertising Violation Rate at Highest Level in Two Years, According to Confiant 2022 H1 Report

Malvertising cybersecurity and threat intelligence provider, publishes semi-annual MAQ report

Key highlights of H1 2022 Malvertising Ad Quality Index:

  • Overall malvertising violation rate reached its highest level since early 2020. More than one in every 500 ad impressions was an attack.
  • Edge overtook Firefox as the browser with the highest rate of malvertising violations. Google Chrome’s malvertising rate was 60% better than Edge.
  • Gambling remained the most-blocked ad category, followed by Pharmaceutical Drugs, and Cryptocurrency in the number three spot.
  • Heavy Ads were the top quality issues by far, and for some SSPs represented close to 1% of total impressions delivered.
  • Analysis of five large DSPs’ quality and security violations found little to no correlation between DSP size and violation rates.

NEW YORK September 7, 2022 – Confiant, a cybersecurity provider specialized in detecting and stopping threats that leverage advertising technology infrastructure, published the 2022 H1 edition of its industry benchmark report, Malvertising & Ad Quality Index (MAQ). This is the sixteenth report in the series and the first in a semi-annual format. It summarizes the state of ad quality, malvertising and consent compliance in the global digital ad industry in the first half of 2022. Confiant analyzed a sample of more than 400 billion advertising impressions monitored in real time from January 1 to June 30, 2022, across tens of thousands of premium websites and apps to compile the MAQ index.

This report identifies that during H1 2022 the overall malvertising violation rate hit its highest level since early in 2020, with more than one in every 500 programmatic ad impressions being an attack. The rate of malvertising violations increased over 50% from Q4 to Q1 and remained high through the end of Q2.

“This MAQ report confirms that the ad tech industry is seeing the highest rate of malvertising since 2020. Precise measurement of these cyber attacks is critical so the industry can counteract attacks by criminals and other threat actors. We’re proud to be the ad tech industry’s go-to benchmark report for this data,” said Louis-David Mangin, CEO and Co-Founder of Confiant, Inc.  

Around the globe, Canada had the highest rate of malvertising issues, followed by the U.S. and then Great Britain. Reversing recent trends, malvertising rates fell in many European markets, including a 58% drop in Germany.

The avg. file size of programmatic ads continued to be a tax on the ad tech infrastructure, detected by our Heavy Ads specification it was the top quality violation by far. For some SSPs, Heavy Ads represented close to 1% of total impressions delivered and was driven behind Japan having the highest ad quality violation rate. Ad Quality issues were also elevated in Canada, driven by Heavy Ads and Misleading Claims.

The report included detailed assessments of the top 14 SSPs, who represent where the vast majority of global impressions originate. SSP-G took the top spot, with a security violation rate of only 0.01%, an improvement even over their 1st place performance in Q4. Google, the largest SSP exchange, also remained the largest source of ads with security issues, driven by fake download ads rather than malware. Their security violation rate doubled over Q4 and came in at more than twice the industry rate, pushing them into last place among the top SSPs. Newcomers SSP-O and SSP-P — being included for the first time in this report — both ranked worse than the industry violation rate. All other SSPs performed reasonably well.

Quarterly averages can mask significant day-to-day variation in performance, so it’s important to measure the upper bound of the daily security violation rate for each SSP to get a sense of overall risk.

SSPs K and O exhibited particularly high variance in their security rates, with their worst days topping 1%. Conversely, SSP-G matched their nearly perfect performance on overall Security rate with an equally maximum rate of only 0.04%.

New to this report, analysis of the top five DSP’s security and quality violations found little to no correlation between DSP size and violation rates

When comparing browsers grouped as families available across all operating systems, Google Chrome outperformed all other leading browsers with the lowest rate of ad security issues during H1 2022. Microsoft Edge had the dubious honor of being the browser most impacted by security issues, followed by Firefox and Safari. In contrast, the security violation rate for Chrome, also the most popular browser in nearly all markets, was 60% lower than Edge’s.

Confiant allows publishers to block creatives across 100+ different industry categories, including common business verticals and sensitive topics. Consistent with recent quarters the top two most blocked ad categories by publishers were Gambling at 40% and Pharmaceutical Drugs at 13%, collectively representing over 50% of all blocks. Cryptocurrency at 7% gained the number three spot in recent quarters, followed by other sensitive categories to complete the list.

Confiant first introduced the quarterly report, originally known as the Demand Quality Report, in September 2018, as the industry's first benchmark report. The 2022 H1 MAQ Index is the sixteenth report in the series and the first semi-annual report.

Confiant’s 2022 H1 MAQ Index is available by visiting https://www.confiant.com/maq-index

About Confiant

Confiant’s mission is to make the digital world safe for everyone.

Confiant is a cybersecurity provider specialized in detecting and stopping threats that leverage advertising technology infrastructure, also known as Malvertising. We help digital publishers and advertising technology platforms around the world take back control of the ad experience in real-time. In addition, Confiant helps enterprises protect themselves and their customers from threat actors performing these attacks. Confiant oversees trillions of monthly ad impressions with innovative integrations embedded deep into the ad tech ecosystem, giving us a unique vantage point. Our superior detection set for phishing, crypto scams and malware attacks using ads as a vector is one-of-a-kind in the industry. Confiant executes our mission everyday to protect users and organizations of all sizes, including Microsoft, Orange, Paramount and IBM. We offer unique and actionable insights into threats that systematically target brands, businesses, individuals and supply chains via ads. Our recently published Malvertising Matrix maps the tactics, techniques and procedures active in Malvertising today, inclusive of emerging Web3 Layer 4 threats. To learn more about Confiant and our technology visit: www.confiant.com