Read the full report below, or enter your email to download the PDF.
Q1 2021 has served to truly show how bad actors have evolved over time into very sophisticated malvertisers. The methods they employ to remain undetected and execute their attacks have become increasingly refined.
Gone are the days of opportunists who launch large-scale attacks expecting them to remain unnoticed. In today’s environment of anti-malvertising solutions, malvertisers have adapted and found ways to overcome the protection measures that publishers and ad platforms have in place.
Across Q1 2021, our data shows that malvertisers are coming up with entirely new ways of attacking, targeting different avenues to launch attacks, employing new methods to hide attacks, and even looking for the presence of anti-malvertising solutions in an effort to evade detection.
Read the Q2 2021 SMART Report to learn more about:
This report is built using impression and threat data gathered from sites across the entire cleanAD network.
The data included in this report is collected through behavioral analysis of tens of billions of impressions each month, in real time, on over 8 million websites and apps.
In Q1 2021, there was a large influx of threat variants delivered through numerous supply paths.
We saw more instances of the same threat utilizing a wider variety of techniques to hit a target including:
Malvertisers have increasingly shown signs of actively probing for anti-malvertising tools in an effort to circumvent or avoid them.
Some actions we regularly see include tampering with perceived objects or network communications.
In general, these tampering efforts often may have a greater impact against anti-malvertising tools that use creative wrapper initializations than with on-page initializations.
Malvertisers are getting increasingly creative with novel blocklist-avoidance techniques.
Bad actors have become more patient in their pursuit to drive engagement.
They are spending on “safe campaigns” to deceive publishers and platforms.
These “safe campaigns” never execute a malicious payload and are always running, which makes the malvertisers appear to be legitimate advertisers.
Malvertisers have started incorporating more non-redirect attacks into their repertoire.
The overall malvertising threat level declined by 48% in Q1 2021, coming off the very busy Q4 2020 holiday and retail season. Additionally, the effects of the COVID pandemic on threat level are starting to wane.
Q1 started with a higher threat level, but subsided as the quarter progressed, likely due to the introduction of increased demand in the advertising ecosystem.
Fewer single-day attacks also led to a less volatile quarter.
European and North American markets continue to experience the highest threat levels, with Switzerland ranked #1 for Q1 2021.
The United States and Canada were #2 and #4, with France taking the #3 spot, and other EU nations directly following.
There were also notable quarterly increases in Asia-Pacific, including Australia, Singapore, New Zealand, and Japan.
While the largest attacks of the quarter took place on desktops, mobile remains the channel of choice for malvertisers.
While mobile web has historically experienced the highest malvertising threat levels, the majority of large-scale, single-day attacks have consistently been targeted at desktop users.
Unlike previous quarters, large-scale, single day attacks were not as prevalent in Q1, but the high level of mobile web attacks has continued from trends in prior quarters.
As in previous quarters, mobile web continues to be the target of the overwhelming majority of malvertising attacks.
There are a variety of reasons for this, including the difficulty of implementing scanning solutions for mobile devices, and the fact that some attackers exclusively target cell networks for their attacks.
Threats decreased across nearly all browser types in Q1 compared with Q4 2020, however the top three attacked browsers in Q1 2021 were all mobile browsers.
Chrome was the most attacked desktop browser, with a large gap between it and the remaining desktop browsers.
Facebook remains far and away the highest attacked social media browser in the advertising ecosystem.
Snapchat, Instagram, and Pinterest remain far behind.
In Q1 2021, malvertisers shifted the SSPs through which they are executing attack
Attackers generally moved away from the larger SSPs toward some of the smaller SSPs in Q1.
Download this Report