Digital ad fraud: another costly security risk

Digital advertising fraud is big business. According to Juniper Research, global digital ad fraud will cost companies $100 billion by 2023. From 2018 to 2019 alone, the loss increased by 21%. Often lurking behind the scenes are organized and sophisticated groups taking aim at the money exchanged from fraudulent ad placements and bogus traffic. Bad actors profiting off the multi-layered vulnerabilities in the programmatic and digital ad ecosystem. Bad actors profiting off the multi-layered vulnerabilities in the programmatic and digital ad ecosystem. 

At the same time, the total amount spent on digital advertising keeps increasing. Estimates for 2020 indicate that digital advertising spend reached $336 billion globally. Unfortunately, it seems that the more we spend on digital ads, the more the criminals can siphon off to fund malicious activity. 

What’s more, there are many costs of continuing to feed this system of ad fraud. Many marketers may have internalized the message that ad fraud is a cost of doing business, and build these losses into their budgets.

The ad fraud issue, however, has far wider implications than just wasted ad spend, a fact that should drive every marketer to take a closer look at this nefarious bot business.

It’s become apparent that ad fraud is bigger than the small-scale skimming that CMOs and brand managers are picturing. Highly sophisticated botnets backed by large-scale criminal networks are feasting on digital ads, pocketing the ad spend and using it for darker purposes. Spending money on impressions that were generated by bots is one thing, but funding illegal activities and putting customer data at risk is far more consequential for marketers and their brands. Failing to plug this leak to stop the flow of dollars gives these criminal fraudsters an open invitation to continue to exploit digital marketing budgets.

Stopping the bots with cybersecurity-driven ad fraud detection

The name of the game is staying ahead of the bad guys, by finding and eliminating more fraud. From a web traffic standpoint, fraud in the digital advertising space can look and behave much like cybersecurity attacks on endpoints and networks. IronNet is regularly tasked by companies to defend and secure critical assets such as power grids, financial records, and healthcare data. We have the unique ability to apply cybersecurity analysis and threat hunting expertise to help uncover patterns of fraudulent profiteering based on network behavior. In turn, we can protect a company’s wider marketing budget losses in the digital advertising space. 

Simply stated: there's a limit to how much ad fraud existing solutions can detect. The digital ad industry has categorized fraud into 2 buckets: General Invalid Traffic (GIVT) and Sophisticated Invalid Traffic (SIVT). GIVT includes traffic from known bots and spiders, such as Google's crawler, and should be easily identifiable by any company in the supply chain. SIVT  includes hijacked browsing activity and domain misrepresentation, which can only be detected using a more advanced tool. The truth is, these solutions are only as smart as the data they have learned from. And ad fraud tools analyze only ad traffic. End of story. 

Changing the name of the game: Finding 6x more ad fraud

IronNet has changed the game by analyzing streams of suspicious traffic across networks in multiple industries and, in turn, applying expertise and context to digital threats that take aim at high-stakes targets, such as critical infrastructure or government bodies. Like other tools, IronNet’s Digital Detect monitors digital ad and website traffic, identifying instances of invalid traffic that negatively impact return on ad spend. But unlike traditional platforms, we take it a step further, by correlating suspicious IVT behaviors with those employed by cyber criminals to threaten other digital assets, uncovering new and more dangerous types of fraudulent traffic. 

Screen Shot 2021-02-10 at 1.03.14 PM

The advantage is clear: IronNet’s advanced analytics and automatic correlation have been shown to detect suspicious behaviors and fraud with accuracy levels unmatched by other solutions in the industry.

In fact, Digital Detect has identified up to 6x more IVT, including intricate hidden ghostnets of ad host sites, that exploit browser protocols and hide malware behind encrypted communications, to generate new domains on which fraudulent ads are served.

Complex schemes like this define a whole new category of IVT: Cyber Invalid Traffic. The result for brands and marketers is better performance measurement, enhanced brand protection, and improved campaign ROI. 

Emptying ad fraudsters’ deep pockets

Let’s face it: Ad fraud is theft. Vulnerable brands lose customer insight, time, and opportunity. Money is wasted on digital campaigns, while malevolent fraudsters stay hidden and make significant profit. The nature of ad fraud is even more unsettling when you consider that terrorist groups are often hiding behind the curtain. As such, it's time to take on ad fraud with a strength equal to the organized effort of cybercriminals, by going deeper, and identifying advanced cyber invalid traffic.   

To learn more about how your company can find more fraud, and measurably improve the ROI of your marketing budget, request a demo.

About Ironnet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.