How COVID has Affected Key Malvertising Statistics in Q2 2020
by Marshall Moritz, on Jul 23, 2020 12:15:00 AM
This series explores each of our Q2 Smart Report findings in more depth and detail. Explore all articles in this series:
- How COVID has Affected Key Malvertising Statistics in Q2 2020 (this article)
- How Attackers Used SSPs & DSPs to Execute Attacks in Q2 2020
- Malvertising Statistics: Attacks on Browsers & Devices in Q2 2020
- Full Q2 2020 Smart Report
After reviewing the Q2 2020 attack data to pull together key malvertising statistics for our Q2 2020 Smart Report, one of the most evident correlations is between the global shifts related to the COVID-19 pandemic and the activity of malvertisers.
On the whole, we’ve seen attackers take advantage of a world in turmoil. There is clear evidence of correlation between the timing and volume of attacks and the significant changes around the world in the face of the pandemic.
Shifts in Demand
It has been widely observed that the onset of COVID, and shifts related to quarantine and lockdown measures, have had a massive impact on the advertising industry.
The World Economic Forum has clearly articulated how and why the pandemic has caused a considerable drop in advertising spending overall.
Some of the most telling statistics shared in the article, cited from eMarketer and Accenture data, include:
- A 10% YoY drop in ad spending in the US
- An 8% YoY drop in ad spending in China
- A 12% YoY drop in ad spending in the UK
- A 12% YoY drop in ad spending in Germany
How Shifts in Demand Affect Threat Levels
Unsurprisingly, given the major consequences to the entire advertising industry due to COVID, there are follow-on effects we observed in our Q2 threat level data. These shifts made launching a malvertising campaign easier for threat actors.
Timeline of Attacks
At a high level, the shifts in threat level followed a timeline similar to the dates of quarantines or shutdowns related to COVID.
This chart shows the shifts in threat level across Q2 2020.
Overlaying our Threat Level data with the growth of global COVID cases, we observe that the initial spike in threat level correlates strongly with the initial onset of rapid COVID case growth.
A number of clear trends emerge when comparing clean.io data against the timelines of major quarantine or lockdown activities. The US lockdown measures, for instance, began in early March, around the time the first major spikes in malicious ads and threat levels occurred.
In mid-May, many states began the process of reopening, coinciding with major drops in threat level as malvertising activity returned closer to normal levels.
Highly Impacted Verticals
We are also able to clearly tie decreases in advertising demand, in terms of both volume and pricing, to COVID trends by looking at commonly targeted verticals.
As the chart above shows, the four verticals most highly impacted by malvertising attacks in Q2 2020 were Auto, Education, Travel, and Sports.
Three major takeaways emerge when reviewing these particular malvertising statistics:
- Increased threat levels in verticals that saw increased traffic from “Work From Home” lifestyle adjustments (Education, Home).
- Verticals that were slowed or completely shut down due to COVID (Travel, Sports, Auto) saw a drop in advertising spend from brand advertisers, which drove lower CPMs, and maintained significantly higher threat levels.
- News Sites, which often have increased price floors and stricter category blocks (meaning their advertising costs would not have dipped to a level that was as attractive to malicious actors), were 20x less likely to see Malvertising than Auto and Education Sites.
It stands to reason that environmental shifts that reduce advertising prices clearly open the door and provide opportunities for malvertisers to make a larger profit by attacking where ad prices are the lowest.
Attacks by Geography
Clean.io observed that specific countries were more impacted by malvertising attacks than others. And, you guessed it, when we compared that list of countries to those hit the hardest by COVID cases, they were quite similar.
What’s more, the timing of malvertising attack spikes very closely matched the timing of major spikes in COVID-19 cases in those countries. The diagram below shows when Threat Level spikes occurred in the countries most affected by malvertising in Q2 2020.
As you can see, the list of most affected countries closely matches the countries most affected by COVID. The image below is a snapshot taken from the WHO’s real-time case tracker and shows the countries most affected by COVID:
You can also see that the spikes in threats are clustered primarily between early April and mid-May, correlating strongly with when total cases really began to take off.
Shifts in demand are key.
What is happening in the world has significant effects on supply prices, creating an environment that encourages lower floor prices. This gives bad actors an opportunity to access more inventory more cost-effectively, which drives threat levels up.
Attacks are well coordinated.
Bad actors very quickly shift approaches and conduct attacks that are well coordinated by date and location to make their attacks easier to execute and more effective.
The most important information to take away from this data is that bad actors will take advantage of reduced advertising prices or environmental changes which make advertising networks, publishers, and platforms more vulnerable to malicious code.
It is also important to keep these shifts in mind as certain regions begin to experience second waves of the virus and additional quarantine measures. We may be in store for another wave of increased threat levels as demand levels shift with these new changes.