Ad Fraud is Much More Than a Marketing Problem

In September, cybercriminals pulled off one of the biggest ad fraud scams in recent memory by turning scores of user devices into “ghost click farms” that generated billions of fake ad impressions daily. Then, in January, another gang did it again – using scam software to secretly launch background browsers, interact with ads in a way that looks human, and turn micro-payments into lump sums of stolen ad revenue.

This is bad for marketing, of course, but it’s arguably just as bad for cybersecurity. Generating fake clicks at scale often requires a combination of dodgy software, elevated permissions, and network access – the same capabilities needed for other serious attacks. Devices compromised for ad fraud often exhibit secondary malicious behaviors such as data exfiltration and credential harvesting. Further, if left unaddressed, they can remain as unmonitored backdoors within the network, enabling lateral movement and data theft.

Both marketing and cybersecurity need ...