For Hackers, Holidays are Opportunities

Bad guys have different ideas of days to take off

Malvertising and other exploits increase during holidays as hackers look to take advantage of understaffed watchdogs and easy-going consumers.

July 4th brings another highly anticipated summer holiday weekend in the United States. Marketers of all stripes have been gearing up, creating special sale events, sponsoring parades or fireworks displays, and dressing their logos up with red, white, and blue. But above-board marketers aren’t the only ones with plans - data shows that ad hackers ramp up activity during holidays, too.

Trends in blocked malicious advertising from an average daily sample of 60M monitored impressions during the middle of May, 2019

During the Memorial Day holiday weekend in May, DEVCON observed a 64% increase in exploit activity over the previous weekend. More troubling than the actual volume was the ratio of malvertising to ad impressions: the share of bad ads tripled during the three-day holiday.

These surges show that ad hackers aren’t just taking a “spray-and-pray” approach to delivering their malvertising - they’re using strategies similar to their legitimate advertising counterparts.

Ad Hackers are Ad Planners

Spoiling the party: there’s never a gift card at the end of these click scams

The perfect customer for a malvertiser is someone with their guard down. They want to catch users in a vulnerable moment and get that ever-precious click. Sometimes that vulnerability comes from worry, and malvertisers create urgency by pushing fake alerts about viruses or required updates. But other times (like holiday weekends) that vulnerability is the lack of worry.

Users checking social media at poolside or catching up on their local news on their day off are not likely to be in a hyper-vigilant frame of mind. During these times, ad hackers serve fake ads congratulating the user on winning a prize, scamming the user into clicking and possibly even handing over personal information.

If you’re thinking about checking out all those holiday sales, a gift card seems great! And if you’ve had a few drinks to mark the occasion, it may be harder to tell a fake offer from a real one. Holiday weekend browsing requires some skepticism - even more than browsing during the work week.

Ad Hackers are Smart Hackers

Besides targeting audiences, malvertisers also target vulnerabilities in networks and sites. Though the online publishing industry is digital by nature, the process of managing ad operations is less automated than it may seem. And ad hackers can get very good at tricking automated safeguards, leaving it to humans to notice and react to their attacks.

If fewer humans are on the job, it’s all the better for bad actors.

Malvertisers have two basic strategies - a flash fire and a slow boil. The slow boil strategy spreads attacks around, never too many in one place, looking for good ways to get to users without drawing too much attention to any individual attack. These campaigns can run for months at a time and generate a steady stream of results. The flash fire strategy is different - the ad hackers presume their efforts will get discovered, and instead of trying to hide, they dump high volumes of attacks to reach as many users as they can before they’re discovered. Holiday weekends are perfect for these malvertising flash fires because it typically takes understaffed network and site operations teams longer to react to an attack, even a big, obvious one.

Keeping Holidays Jolly

There are no signs of a decline in these strategies from malvertisers. So how can everyday people and the sites they visit keep ad hackers from raining on the parade?

  • Users: Don’t let the holiday make you an easy target. Celebrate your independence from getting scammed by being careful about where you click. And if you encounter a bad ad, report it to the site you were visiting or directly to us here at DEVCON.

  • Sites: Get a real-time protection plan in place. If you’re a DEVCON client, good news - our tech doesn’t take holidays (or any other breaks, for that matter). We also have dedicated holiday watchdogs - cyber security researchers ready to track down anything new that pops up. The sooner we know about it, the more likely we are to track it to the source - so don’t slack on letting us know if your audience sees something weird. Email support@devcondetect.com or use our web form.

    If you’re not a DEVCON client, sign up today for a free scan and let us get started on saving your holidays from party-pooping ad hackers.

Andy Kahl