Holiday Preparedness: Malvertising Shifts Signal Volatile Holiday Season

by Andrew Reed, on Oct 28, 2021 3:30:00 PM

As the holiday season approaches, Q3 closes with massive 231% spikes in malvertising threat levels with new evasive attacks from familiar foes. And for the world of online advertising, the holiday season means not only increases in ad spend, discounted products, and an influx of web traffic, but also prime time for online scams and malicious advertising.

Shoppers flock online looking for the best prices for products on their wishlist, making them susceptible to not only legitimate sales but also those “too good to be true” ads looking to steal information.

Threat Trends


Previous years show how spikes in ad spending and online shopping trends make Q3 and Q4 particularly vulnerable to large-scale malvertising attacks, and that being left unprotected could end up hurting your potential ad revenue during the most lucrative days of the year.

And coming off Q3’s 231% spike in new and difficult to catch malvertising attacks, and COVID-19’s continued acceleration of the ecommerce market, this upcoming quarter could be particularly impactful to your ad revenue.

--Article Continues Below--

New call-to-action

--Article Continues Below--

2019 and 2020 Holiday Trends

While threat level in 2019 was higher than in 2020 during Q4, trends were similar with both years showing spikes around Cyber Monday, Christmas, and leading into New Year’s.

Spikes also occurred outside of Q4 in 2020, where threat levels were generally higher overall. 

Holiday Season Comparison

The holiday threat level in 2020 likely remained low because of the extended online shopping season as a result of COVID-19, allowing bad actors to spread out their attacks and decrease their likelihood of detection. 

But overall, the baseline threat level in 2020 remained higher and more volatile than 2019, with clear spikes in attacks surrounding familiar holidays in and out of Q4.

2020 Threat Level

Our data also shows how techniques shifted between the years, as 2019 attacks were roughly just two SSPs causing a large portion of the attacks prevented across our network, with a large spike on Dec. 2.

Network attacks by ssp

2020 attacks were lower in volume, but 12 different SSPs made up 95% of threat volume, as malvertisers diversified their attacks to evade detection before a 15x increase in the 24 hours leading up to Cyber Monday.


Attacks continued to persist in the days following, spreading themselves out through 10-14 SSPs for the remainder of the month, leading all the way up to New Year’s Eve.

Attacks by SSP

These types of attacks indicate not only a preference to target users during times of high traffic and vulnerability (or when users are already looking for deals and are more easily coerced into online scams) but also a desire to avoid anti-malvertising tools in addition to switching attack strategies and hiding behind multiple URLs and SSPs.

This not only highlights the need for effective anti-malvertising tools to protect your site and your users but one that is able to quickly adapt to new strategies and threats. 


2021 Malvertising Trends

Similar to 2020, our 2021 data shows clear spikes in threat levels surrounding popular holidays, trailing into a huge increase towards labor day and the end of Q3.Threat Level 2021

During the attack spike in the most recent quarter (Q3 2021), malvertisers turned away from familiar and preventable stable redirects in favor of new payloads and difficult to catch malicious landing pages, which many traditional anti-malvertising tools failed to detect or prevent.

This can mean, protected or not, your website is still vulnerable to new attacks when using a traditional blocklisting approach to your malvertising protection.

Going into Q4, an accelerated online shopping atmosphere due to the lingering COVID-19 virus means potential for either a uniquely profitable season for online advertising or one stunted by malicious attacks and scams.


True Preventative Security 

New attack types, shifting strategies, and ever-increasing web traffic all highlight the need for a malvertising solution capable of handling diverse and growing attacks instantaneously, with no lag to the publisher or platform.

At cleanAD, our unique script blocks attacks behaviorally and on run time, meaning you remain protected when new malicious ads enter the ecosystem and still get paid for the blocked ad’s impressions, keeping your website and revenue safe during holiday spikes in attacks.

If you are finding yourself constantly having to track down malicious advertisers to add them to your block list, you can reclaim lost time and resources by signing up for a free 14-day cleanAD trial here.

New call-to-action

Topics:Malvertising DataMalvertisingMalvertising 101Malvertising Solutions

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates