This report is built using threat and attack data gathered from sites across the entire cleanAD network. The data included in this report is collected through behavioral analysis of tens of billions of impressions each month, in real time, on over 8 million websites and apps.
Read on for full details on the data and insights contained in the report (no form fill required!).
Note: You are welcome to share and republish the data and charts included in this report. We just ask that you attribute the source and link back to this page.
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(3).jpg)
Learn more about how threats shifted over the course of Q4 and the entirety of 2020.
Q4 threat levels were influenced by major attacks and heavy user traffic days.
Q4 2020 showed plenty of holiday and retail related spikes, particularly right before days with high levels of traffic like shopping- related holidays and the U.S. election (when most of the advertising for those events is taking place).
Q4 threat levels were far less volatile than the same quarter last year.
Shopping behavior has changed as merchants have responded to the COVID-19 pandemic and the related restrictions on in-person shopping by spreading discounts across the holiday season rather than focusing on specific "discount days."
This, in turn, has resulted in smoother than normal malvertising attack patterns in a quarter that otherwise historically saw concentrated spikes around Black Friday and Cyber Monday.
Overall 2020 threat levels have mirrored shifts in behavior related to COVID.
The early part of the year showed significantly elevated threats in line with the timing of the scaling of the pandemic, and somewhat diminishing levels as the year progressed and businesses and individuals adjusted to the 'new normal.'
While the largest attacks of the quarter took place on desktops, mobile remains the channel of choice for malvertisers.
In Q4, desktop threat level was driven primarily by isolated attacks while mobile threat level remained more consistent.
Desktop threat level remained relatively low with the exception of very specific, targeted attacks.
Mobile threat level on the other hand remained consistently high across the quarter.
Threat levels have decreased across all device types from Q3 to Q4 2020.
While still holding first place in threat level by more than 2x, mobile has shown a 49% quarter over quarter drop. As brand advertisers reemerged in the second half of the year, we saw a resulting reduction in mobile web threat level.
Desktop threat level dropped by 31% in Q4 and App threat level dropped by 68%
Nearly all social browsers saw decreased threat levels in Q4.
Brand advertisers also reemerged on social, driving down the social threat level. This was driven in part by social shopping, but more importantly, by increased competition for ad space from a surge in advertising related to the U.S. election cycle.
2020 saw some interesting shifts in how bad actors utilized both SSPS and DSPS to execute attacks.
Data from 2020 shows that bad actors are shifting to using more DSPS to attack.
Just the highlights:
Data from 2020 shows that the majority of threats are originating from 5-10 SSPS.
Every quarter, the top 5 SSPS accounted for 65-75% of threats.
Every quarter, the tops 10 SSPS accounted for 90% of threats.
A single SSP was responsible for 29% of threats over the course of 2020.
This SSP held the #1 spot for the first 3 quarters and dropped out of the top spot in Q4.
The percentages shown in the graphic denote the share of total threats across the entire network that originated from this SSP each quarter.
A new SSP took the top spot in Q4 after showing almost no threats early in 2020.
This very large increase in threat level was driven by a single sustained attack targeted through the SSP.
The percentages in the graphic indicate the share of total threats across the entire network that originated from this SSP each quarter.
Learn more about the major attack spikes in Q4 and how they affected overall threat numbers.
How was the attack executed?
The attack was dominated by a single SSP.
61% of threats for this particular attack came through a single SSP, showing how a single attack, executed through a single SSP, can have a far-reaching impact if executed successfully.
Here's the creative that was used in the attack:
The BFCM attack spiked early and continued over the course of 2 Days.
COVID changes and shifts in how ecommerce merchants utilize deals during the holiday shopping season have both extended and flattened out the rush of ad buying across a longer period. This has opened up opportunities for malvertisers to capitalize on increased traffic during these times, while still benefitting from relatively low CPMs.
How was the attack executed?
Here's the creative that was used in the attack:
Switzerland holds the #1 spot by threat level, followed by Italy, the US, UK, and Canada.
As the year progressed, attackers moved between international regions.
Europe was hit hard in Q1 and Q2 but waned in the latter half of the year, likely due to shifts related to the spread of COVID.
What do the experts think is in store for 2021? Find out!
The pandemic will continue to impact open market demand and therefore put pressure on exchanges and SSPs to generate revenue. Expect to see sizable malware attacks as some decide to take risks on "new advertisers" that are actually bad actors.
- Matt Cannon, COO at Venatus Media
Expect to see an increasing return for bad actors when employing auto-redirects as the value of inventory erodes, and bad actors get better at targeting legacy malvertising systems.
Cloaking will continue to increase in use as the attack type matures.
COVID pressures of 2020 affected anti-malvertising vendors as much as publishers. Expect a consolidation of vendor solutions in 2021 where capital is scarce and vendors will fail to serve their customers at the appropriate levels.
- Jay Crystal, Co-Founder of clean.io
Expect to see yields go down for publishers due to ongoing identity and privacy changes on the web. We know when yield and prices go down, it’s more affordable for attackers to buy, so expect to be seeing more and more net attacks due to price decreases.
- Seth Demsey, Co-Founder of clean.io
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(1).jpg)
In 2020, online behaviors accelerated 5-10 years, creating millions more online customers and more companies that have renewed focus on digital channels, creating more opportunities for issues like malvertising, but also more of a reason to fight against it.
Creating a cleaner, higher-quality marketplace will be in everyone's best interest. Ongoing investigations into Facebook and Google, and increased privacy regulations will give publishers, brands and consumers a voice against issues like malvertising, among others.
Publishers will be more discerning against low quality demand, and tech companies will create more effective strategies for delivering quality.
- Jayson Dubin, CEO & President at Playwire
2021 will be a key year in shaping the future of identity on the Web. The big platforms have co-opted the privacy-by-design movement to push a vision for the Web where the browsers are the guardians of user identity and its various marketing applications (targeting, attribution, frequency capping, etc.).
While this framework is probably better from the standpoint of user privacy, the companies that will benefit the most are the walled gardens and big Internet platforms. In other words, the dominance of Apple, Google, Facebook, Amazon would be probably be strengthened by the proposed changes, at the expense of independent publishers and the open Web at large.
At the same time, regulators are starting to realize that these companies are already too powerful and are finally taking action to mitigate this.
- Marty Kratky-Katz, CEO at Blockthrough
Expect changes to the programmatic landscape as brands shift from viewing it as just a way to monetize at high fill rates to a linear path to direct programmatic sales.
Brand and agency budgets will shift to leveraging their own 1st party data as a larger source of revenue.
This shift will be driven by the ongoing slow death of the 3rd party cookie, the 2020 industry impact caused by the COVID pandemic, and the volatile political/social justice climate as having clear insight and transparency into supply path and ad adjacency becomes increasingly important.
- Richard Marques, CEO at Revcontent
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(2).jpg)
Open Auction global display buying will drop by at least 20%, shifting to Private Marketplaces and other channels.
As better practices for Identity Attribution & Measurement start to drive better programmatic direct relationships and create fewer incentives for malvertising and fraudulent behavior.
- Matt Prohaska, CEO & Principal at Prohaska Consulting
Expect malvertising to decline, but become more sophisticated and severe when it does strike.
Essentially, attacks will happen less frequently, but they will be more severe. This is mainly due to the increases in media cost and complexity to reaching audiences.
Unsophisticated malware that generates a lot of value with little effort will decline, and more complex value models and methods will take its place.
- Bob Regular, CEO at Infolinks
With everyone still at home in 2021 and owning more devices than ever, it means more opportunities for criminals to exploit.
Bad guys always continue to innovate to intentionally harm people and businesses through ads. Even in the cleanest of environments, trouble can always arise without protection.
Bad actors will increase sophistication levels and tactics to exploit this reality. Be smart and get ahead of threats as much as you can.
- Erik Requidan, CEO at Media Tradecraft
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(4).jpg)
'
IDFA related targeting and attribution challenges will lead to higher fill and lower rates.
Advertisers still need to sell and promote products and drive mobile UA. This will require a wider net to be cast to find their target audience and a lower CPM in an attempt to hit their target ROAS.
Lower CPM also means more opportunity for bad actors to infiltrate publisher inventory. Stay vigilant on your yield (offense) and user experience (defense) equally as this shakes out.
- Matt Sherman, Owner at Cove Media
Dozens of large marketers will launch detailed audits of their ad spend in light of Uber sharing that they wasted $100M of their ad spend.
Ad spend will flow to the publishers that are doing the work of ensuring their supply paths, the ad tech partners who work only directly with buyers and sellers will benefit and the reseller market will come under pressure. As a result, fraud will continue its decline and buyers and sellers will benefit.
The ecosystem will hit a new level of maturity, with lots of public companies, more efficient transactions and better transparency and tools to root out bad actors. Fraud will start to look like it does in the credit card space - random outbreaks rather than systemic large scale issues.
- David Simon, Chief Revenue Officer at Fyber
Download this Report
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(5).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(6).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(7).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(8).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(9).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(10).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(11).jpg)
.jpg?width=600&name=FINAL%20Q4%202020%20Clean.io%20Smart%20Report%20(12).jpg)