CISA Identifies Malvertising as a National Security Threat (Here's Why It Matters to Publishers)
by Kathleen Booth, on Feb 25, 2021 9:00:00 AM
The U.S. Cybersecruity and Infrastructure Security Agency (CISA) released new guidelines last month, urging federal agencies to protect themselves from malvertising by installing ad blockers on all employee computers.
This news should be particularly alarming to online publishers and advertising platforms that have not invested in malvertising prevention for their sites and platforms.
Normally, when we talk about malvertising here at clean.io, it's about protecting your users from experiencing online scams and redirects that may cause them to lose trust in your business. But CISA’s new guidelines put the spotlight on a far more serious issue.
Why This Matters
If the U.S. government is now recommending that ad blockers be installed on every federal government employee computer, it's a sign that this isn't just your average user having a frustrating experience with a redirect.
It means that the government doesn't trust that the advertising ecosystem as a whole is doing its job to deliver safe ads. And it means you, as a publisher or advertising platform, could be the vehicle through which U.S. national security and elections are compromised.
As telework continues to expand, CISA has noticed national security risks associated with malvertising. It can make users vulnerable to malware, phishing sites, and third party data collection; even referencing foreign groups using malvertising as a channel to compromise state election boards.
Malvertising is just a vehicle, and it's a vehicle that's available for really anyone who's able to exploit it. Whereas normally it's a vehicle for sophisticated performance marketers looking to make a quick buck, CISA believes malvertising has now become a channel for well funded groups (who may in some cases be backed by nation states) to steal private information and threaten national security, and is recommending the use of ad blockers as a preventive measure.
The Problem(s) With Ad Blocking
Ad blocking software has a number of use cases, the most common being as a way to streamline the user experience for visitors who have a personal preference not to view ads when they visit websites. When it's used to protect against malvertising, as the U.S. Government is suggesting, it is really just a band aid for a problem in need of a far more permanent solution.
Ad blockers work like metal detectors, checking a database of “verified” advisors and letting them by, while blocking out those not on the list.
This is an imperfect system that can hurt users, publishers, and advertisers alike. The types of malicious actors that target State election boards and jeopardize national security are incredibly sophisticated and have the ability to spoof “verified” advertisers, while harmless advertisers who haven’t paid to get on an approved list may get forced out.
Not only are ad blockers an imperfect solution for preventing malvertising attacks, they also take away legitimate and important ad revenue from publishers.
In the end, users who employ ad blockers not only damage the revenue of their favorite publishers, they do it while still leaving themselves vulnerable to attacks.
It’s Time for the Digital Advertising Ecosystem to Step Up
Advertising platforms and publishers can solve this at the source by taking ownership of the problem and putting anti-malvertising protections in place.
There are a number of software solutions on the market that will stop the bad actors on your site before they become a problem. cleanAD is just one of them, and while we believe it's the most effective, we also believe strongly that ANY protection is better than no protection.
When the end user —your customer— is forced to invest in tech to defend themselves from attacks while visiting your site, not only do you lose revenue (and potentially the trust of your users), it’s a sign that the digital advertising ecosystem is broken.
The tools to solve the problem are there. We just have to choose to use them.