Record numbers for internet sales were reported in 2019, but online retailers aren’t the only ones laughing all the way to the bank. Cybercrime costs retailers a staggering $30 billion a year, and the sector is among the top ones targeted globally. Last year, three quarters of global retailers reported falling victim to cyberattacks.
Cyberattackers are constantly evolving and looking for opportunities to deliver malicious payloads to online shoppers. This activity is especially heightened during the shopping season. While several awareness campaigns have been launched this year, one most notably by Homeland Security to educate users on making smart and safe shopping choices, the conning of advertisers and publishers into delivering malware-laced advertisements is a growing issue.
The Devcon report highlighted that hackers can use any of the following methods to exploit advertisers and consumers:
Abusing publisher’s code: Cybercriminals will create fraudulent accounts with ad networks and use an organization’s ad tags to deliver payloads to target websites without even having to compromise the target company’s servers.
Exploiting a partner’s code: This attack method basically involves exploiting vulnerabilities in the source code of third-party partners that connect with the target website, publisher or advertiser. A similar pattern can be drawn with last year’s Magecart attacks that stole credit card information from more than 80 global e-commerce websites that were running an outdated version of the Magento platform. Or take the example of the eGobbler attack that affected more than a billion ads due to a browser flaw on Apple iOS devices.
Service providers and consumers must ensure that they follow these best practices to ensure that they do not fall prey to ad threats.
The increased amount of money flowing into ad serving platforms is obviously going to attract more and more cybercriminals by the day. While service providers become more security savvy, hackers become more sophisticated than ever before. Understanding ad threats is necessary for staying one step ahead of these fraudsters.