Bot fraud will net criminals $7.2bn from advertising budgets in 2016
Advertisers are losing billions to ad-clicking botnets that generate fake traffic, according to a study by the Association of National Advertisers and security vendor White Ops.
Madmen turn Sadmen as Bots gobble up billions of their ad budgets
Botnets will cost advertisers around $7.2bn this year, according to research carried out by the Association of National Advertisers (ANA) and security vendor White Ops.
The figure will be up from $6.3bn last year, according to the research. The increase in predicted losses was attributed to an expected 15 percent rise in digital ad spend this year, meaning that fraud rates are holding steady.
Researchers said that in 2014, between two and 22 percent of ad traffic came from bots; in 2015, this increased to between three and 37 percent.
Forty-nine members of the ANA took part in the 2015 Bot Baseline Study. Those participants deployed White Ops detection tags on their digital advertising to measure bot fraud. Data was collected from nearly 10 billion online advertising impressions across 1,300 campaigns over 61 days, from 1 August until 30 September 2015.
The research found that ads with higher cost-per-thousand impressions (CPMs) were more vulnerable to bots. These segments provide a stronger economic incentive for bot-net operators to commit fraud.
Display media with CPMs over $10 had a 39 percent higher rate of bot views than lower CPM media. Video media with CPMs over $15 had a 173 percent higher rate of bot views than lower CPM video media.
Sourced traffic – any method by which publishers acquire more visitors through third parties – continues to show a higher level of sophisticated bots and was over three times more likely to contain bots than unsourced traffic, according to the report.
White Ops CEO Michael Tiffany said the ‘attacker's advantage' of only needing to find one weakness in a defence is “well understood”.
“The study highlights the challenges faced by the advertising ecosystem as defenders, and the many techniques that a sophisticated, persistent adversary can exploit within the online advertising industry. Although our study definitively demonstrates areas of improvement because parts of the industry have become laser-focused on continually tightening controls and adjusting transparency, we are still facing an uphill battle to achieve broad acceptance of the need for deeper focus on the fraud problem, and ultimately to reverse these financial trends,” he said.
Advertisers that managed to reduce ad fraud did so by implementing some form of third-party monitoring to check on ad placement and “click quality”.
Lee Munson, security researcher at Comparitech, told SCMagazineUK.com that the potential for ad fraud is massive and likely to increase in years to come.
“Motivated by money, hackers can realise huge profits by deploying simple ad-clicking botnets while unscrupulous publishers can boost their own ad rates by soliciting similar services to inflate their traffic numbers,” he said.
“While affected organisations have several options open to them for reducing the level of fraud they experience, from anti-fraud policies to bot-blocking software, and monitoring of logs and careful vetting of partners, I believe the spotlight of ad fraud reduction should actually be shone on ordinary home users.
“With almost 80 percent of bot sessions being initiated by freshly infected home computers, surely the answer lies in timely patching of operating systems and other software, the installation of security software and good old-fashioned security awareness training?"
Martin Zetterlund, vice president for Security Operations Centre at Distil Networks, told SC that in order to protect themselves from ad fraud, organisations need to focus less on raw numbers and more on observable actions.
“Consider incentivising your agency based on actions taken by users, avoiding the temptation of buying lower cost (and therefore lower quality) inventory,” he said.
He added that firms need to move beyond viewability. “Viewability can be faked by bots and other non-human traffic. Even if we resolve that part, we'd still be left with impressions being loaded by bots,” he said.
“Money is the primary motivation for digital ad fraud. It's extremely lucrative. We estimate that for every $3 spent on digital advertising, $1 is being siphoned out of the advertising ecosystem into the pockets of the bad guys. As a result, publishers' ad revenues are depleted by one-third and advertisers have a lower return on investment," said Zetterlund.