According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users’ computers via “drive by downloads,” which occur when a user innocently visits a web site, with no interaction or clicking required.
The consequences of malvertising include cybercriminals capturing users’ personal information or turning devices into a bot for the purpose of taking over that device and using it in many cases to execute DDoS attacks against a bank, government agency or other organization.
Just as damaging is the deployment of ransomware, which encrypts a user’s hard drive, demanding an extortion payment to be unlocked. Users’ personal data, family photos and health records can be destroyed and stolen in seconds.
In the absence of policy and traffic quality controls, organized crime has recognized malvertising as the “exploit of choice” because it offers the ability to be anonymous and remain undetected for days. Through a multi-stakeholder effort, the OTA Advertising and Content Integrity Committee proposed a holistic framework as the foundation of an enforceable code of conduct or possible legislation addressing five key areas:
- Data Sharing
It is important to recognize there is no absolute defense against a determined criminal. At the hearing, OTA proposed incentives to companies who adopt best practices and comply with codes of conduct.
Spiezle emphasized that these companies “should be afforded protection from regulatory oversight as well as frivolous lawsuits. Perceived anti-trust and privacy issues must be resolved to facilitate data sharing to aid in fraud detection and forensics."