There is a growing threat caused by malicious ads that disrupt your customer’s online journey and places both your customer data and revenue stream at risk. The Ensighten platform enables organizations to protect customer experiences and data from corrupt ads and embedded code that often infiltrate your customers’ browser.
Your website is your primary channel to engage with and service your customers. You have likely invested heavily in providing a highly engaging, personalized, and differentiated online experience, as well as extensively in securing your website, and its content and data - hackers know this and continuously look for ways to bypass your defenses. Damaging ad injection attacks are on the rise because they bypass your web server and server-centric security model and often go undetected.
There are many ways in which unauthorized ads can be injected into your website. Malicious ads display everything from competitive content to inappropriate material, what is worse, they can also install code to steal sensitive data. It is estimated that one of every four visitors to your website are being affected by malicious ads, impacting revenue and altering the online experience. Because this form of attack bypasses server-centric firewalls and other web server security measures, you may not even be aware that this is likely happening right now.
Read our guide to malicious ad injection attack prevention
What is ad injection?
Ad injection is the process where unauthorized modifications are made to web pages, adding or replacing content (e.g., ads) without user or website owner consent. It is a cross-browser and cross-operating system technique. Ad injectors frequently monitor all of your users’ browser activities and report these behaviors to third parties for tracking and advertising selection. The hacker’s intent is to divert your users to competitor websites, disrupting online sales (by as much as 5 percent of revenue) and providing a highly frustrating online experience for your customers through banner ads, fake search results, pop-ups and browser redirects – these cyberattacks typically go undiscovered. The motive for the hacker is generating revenue from affiliated sites or siphoning customer data, payment information and personably identifiable information.
The cost of unauthorized ad injection
Malicious ads hide in plain sight
The criminal process of planting adware or fraudulent ads on your website happens away from your web servers and server-centric security model, bypassing monitoring and detection tools, such as web application firewalls. The process is hard to detect because it happens at the client side, therefore you have limited visibility into the damage that is being inflicted as a website owner. Because the malware resides on the user’s browser or device, traditional server-side security solutions lack visibility or control over the problem and as such, you may be having your conversion rates negatively impacted and revenues stolen without ever being aware there is a problem.
"Ensighten has not only ensured that our website is protected from client-side data leakage and cyberthreat groups, but also enabled us to block malicious and competitive advertising which had affected our conversion rates and revenue. We saw an immediate uplift in conversions and sales as soon as we implemented the solution."
Leading global retailer, August 2019
The impact of malicious ad attacks
While certain industries, such as ecommerce, are more frequently targeted by ad injection attacks, organizations across all industries are impacted and vulnerable to malicious ad attacks. Here are just a few ad injection examples that have occurred:
- Ecommerce – ad injected content that offers better deals on competitive sites
- Bank – ad injected content that offers financing at a lower rate
- Credit card services – ad injected content that offers credit cards with more favorable terms
- Business services – ad injected content that offers a comparable service at a lower price
- Insurance – ad injected content that offers same-term life insurance at a lower cost
Ad injection attacks lead to:
- Lower conversion rates
- Underperforming revenue generation (2-5 percent lower)
- Brand damage
- Poor customer experience
- Loss of customer data and corresponding recovery costs, including regulatory fines
- Loss of customer trust
How ad injection happens
In February 2020, research uncovered 500 Chrome extensions capable of injecting ads into millions of browser sessions. While Google and other browser vendors continually apply and improve fraud detection systems, hackers constantly innovate to bypass such mechanisms. A substantial volume of extensions that covertly or directly inject ads remains on leading browsers. Why? Browser extensions allow hackers to cost-effectively reach millions of browser sessions.
When users visit websites over an unsecure network, say a public wifi, hackers can infiltrate the traffic to embed malicious ads. These ads can disrupt the user journey, frustrate the user, draw the user away from the site or even load and activate code to steal data.
Installed software (e.g., Windows updates)
Ad injection code can be downloaded as part a software download or a patch update. Occasionally, ad injection code will be bundled with other software or even devices. For instance, PC manufacturer Lenovo once sold laptops that included ad injection software called Superfish that worked across all browsers. The software, initially marketed as helpful technology to analyzes images on the web page and present identical and similar product offers at lower prices, was eventually classified as an ad injection vulnerability and Lenovo was fined.
Ad network tampering (malvertising)
Hackers can hack into ad servers and include their malicious code within ads that then get distributed through the ad network. When ads load on a page, they attempt to redirect users to other websites that are laced with malware which can add pop-ups, more ads or siphon data. This vector of spreading can leave hundreds of thousands of computers infected by the malicious code.
The Ensighten platform stops malicious attacks
The Ensighten platform is used by many of the world’s leading brands to detect and prevent malicious ad content from infecting a web page and disrupting customer experiences. With a single line of added website code, the cloud-based platform operates seamlessly in browser sessions to monitor and control incoming and outgoing browser traffic. Rules are configured and managed graphically. Unauthorized requests are logged and blocked safeguarding your intended customer experience, customer data and online brand.
Stop ad injection
Ad injection is a technique used by attackers to inject ads into web pages without gaining permission from the owners. It can generate substantial revenue for criminals. The Ensighten platform detects and blocks ad injection to ensure your online visitors stay on your website securely.
Block ad malware (malvertising)
One of the biggest problem with ad malware is that organizations do not know it is happening. Malware is usually injected after the web page has loaded and as such, shows no activity in web server logs or the like. The Ensighten platform prevents malware from being injected into a page.
Prevent journey hijacking
Journey hijacking is the process of targeting your online visitors with unauthorized ads with the goal to divert them off your website. This can impact conversions, revenue and user experience. Ensighten blocks any unauthorized advertising or third parties on your website.
Protect online revenue
Advertising is a big revenue generator for organizations and criminals – even if you do not display ads on your site, it is still a target for ad injection. Ensighten’s technology blocks malicious ad injection through client-side network filtering to protect online revenue.