NEW YORK March 25, 2021 – Cybersecurity startup Confiant, Inc., the market leader in ad security and ad quality control for digital publishers, has expanded its verification technology to cover Native Ads. Publishers can now protect their users from malicious native ads that disrupt the user experience and threaten their security.
Native Ads are the latest front in the malvertising wars. Historically, Native was not a major source of malicious activity due to the fact that those ads do not allow dynamic code execution, preventing a variety of malvertising schemes. Malicious actors have over the past two years honed a new attack type Confiant terms ‘malicious clickbait’. This newest ad attack type represents a new generation and is rapidly propagating across the attack landscape. Confiant has reported extensively on this shift in their research, with the first major attack scheme, FizzCore, reported in January of 2020.
Malicious Clickbait attacks are particularly challenging to contain because their landing pages are technically hidden from any but their target victims, with the content designed to promote criminal scams that mimic the editorial content of real news sites.
The clickbait portion of the attack is often promoted to users in their social media news feeds, as search and promoted listings, and as “recommended content” near an editorial article the user has just read, before entrapping the user on the infected landing page. Because Native Ads emulate desirable user content, they have become prime vectors for this maliciously lucrative activity, compromising publisher integrity.
Native ads succeed because they perform effectively for advertisers, research confirms it: According to Outbrain, “53 percent of users consume native ads while frequently ignoring more obvious display advertisements.” Some native ads have even edged out user engagement over host page content! Unfortunately this strong performance empowers malicious actors too and the shift in attack methods reflects the efficiency of this new vector.
In March Confiant detected multi day spikes of malicious activity that accounted for 1 out of every 66 impressions served by one native ad platform during that time.
“It’s helpful to see the various Native domains in the dashboard that were blocked, so we can bring the issues to the provider's attention,” publisher Love to Know said in a statement to Confiant.
“Confiant’s offering has long provided publishers security and quality control over programmatic display ads on their sites. Now that the malvertising landscape is evolving to include more surreptitious malicious clickbait attacks that resemble high-value editorial content, it was natural to expect the bad actors would add Native Ads as a vector. Disrupting malvertising money making methods with a world-class security team and industry leading technology is how we’re making the internet safer,” said Louis-David Mangin, CEO and Co-founder of Confiant.
“The rise of programmatic has required publishers to be exponentially more concerned with malvertising prevention now than they were five years ago, but these threats are an ever-evolving landscape and complaints are on the rise, necessitating a hyper-vigilant, comprehensive security solution covering all types of ads, including native.”
With the addition of native ad coverage, Confiant’s end-to-end solution helps prevent revenue loss due to user attrition, reputational damage, and potential legal exposure when the public falls prey to malicious native ads hosted on publisher websites.
About Confiant
Confiant’s mission is to make the digital world safe for everyone. We defend publishers and ad platforms by helping them take back control of the ad experience and protect their users. Our solution protects reputation, revenue, and resources by providing real-time verification of digital advertisements.
Confiant’s technology actively blocks and detects malicious activity and low-quality ads. By providing industry-leading protection from malvertising, disruptive ads, and privacy risks Confiant empowers premium ad platforms and publishers with actionable data to ensure the digital ad ecosystem is safe and secure for everyone. We detect and protect billions of ad impressions per month for our clients, which include CBSinteractive, Magnite, Gannett, and Politico.