White Ops: Ad fraud bot activity waning, but threats still loom

The tide may be turning in the fight against ad fraud bots, according to security vendor White Ops.

White Ops, which specializes in ad fraud, and the Association of National Advertisers (ANA) released their fourth Bot Baseline report, which examines digital advertising activity among ANA member companies. This report examined 50 ANA members during August and September of 2018 and found evidence that ad fraud bot activity appeared to be decreasing.

In a review of 27 billion ad impressions and 2,400 campaigns over that time period, White Ops projected global losses from ad fraud this year will total $5.8 billion, which is a decrease from the estimated $6.5 billion in losses for 2017. The vendor noted the 11% decrease in losses over a two-year period was significant, because digital ad spending jumped more than 25% over that span.

The study also found bot-generated fraud, or what White Ops calls sophisticated invalid traffic (SIVT), decreased on desktops over the two-year span. According to White Ops, SIVT on display ads fell from 9% in 2017 to 8% in the current study, while activity on video ads dropped from 22% in 2017 to 14%. The study did not include social media or search advertising activity on such giants as Facebook and Google, which represent a significant portion of online ad purchases.

"More fraud is getting stopped than is succeeding," said Michael Tiffany, president and co-founder of White Ops, based in New York. "And this is first time we can say that."

Tiffany credited the positive trend to several factors, starting with international law enforcement efforts to arrest threats actors and take down botnets, such the 3ve and Methbot campaigns.

"We're seeing legal consequences for the actual operators -- not the superficial buying the [fraudulent] traffic, but the ones driving infections and compromising machines," he said. 

A major problem with ad fraud, Tiffany said, has been the abuse of programmatic platforms where publishers and other third parties can buy and sell ad inventory. There's no central policing of these platforms, which allows cybercriminals to spoof domains of legitimate websites and disguise themselves as publishers.

But White Ops said antifraud measures and technologies are more widely adopted today and have had a material impact on reducing fraud and spoofing. One such measure gaining adoption is ads.txt, which was developed by the Interactive Advertising Bureau's (IAB) Technology Lab in 2017 to reduce the spoofing of programmatic bid requests. Ads.txt are files hosted on companies' web servers that list third parties authorized to buy and sell their ad inventory.

According to White Ops' report, 14% of all domains published a valid ads.txt file during the two-month study. While that number may seem small, Tiffany said, those websites accounted for 78% of all ad impression purchases in the study, because "the majority of the buying is going to the most popular sites."

The 2018-19 Bot Baseline report said more ad-buying dollars are now spent with programmatic platforms that have built-in fraud prevention measures. In addition, the report noted that efforts to increase traffic sourcing transparency, led by the Trustworthy Accountability Group (TAG), have also had a material effect on reducing ad fraud bot activity. The organization, which was founded by trade groups like the ANA and IAB to fight ad fraud, requires publishers to adopt ads.txt in order to achieve TAG's Certified Against Fraud status.

As a result, Tiffany said, much of the bot traffic market has moved underground to dark websites and invite-only forums.

"You can still buy undetectable bot traffic, but it is harder to do," he said. "You used to be able to perform 'retail buying' of bot traffic, where you just show up at a website and [have] a credit card number and order the traffic."

However, White Ops cautioned against complacency. The report noted that "a shockingly large percentage of video advertising" is sold in Video Ad Serving Template 2 format, which is difficult for third parties to validate. In addition, Tiffany said that while ad fraud is declining on desktops, threat actors are exploring other avenues to make money through illicit activity. The report noted, for example, that mobile ad fraud is increasing on some display and video formats.

"The adversaries aren't throwing in the towel," he said. "Most ad fraud innovation is happening on mobile apps and connected TVs, and there is real innovation happening there."