March 1, 2017
The Methbot shook up marketers who once believed they were unaffected by cybercrime. Experts say industry-wide transparency and education can defeat the attackers
Marketers had a rude awakening to the effects of cyberattacks at the end of 2016 with the discovery of Russian hacking operation Methbot.
The fraudulent activity had been costing them between $3 million and $5 million per day at its peak, unbeknownst to them.
The attack strayed from better-known threats, malware and identity fraud. It’s likely to cause a fundamental shift in how marketers consider their role in preventing such losses. It will also probably change how they interact with their IT departments, according to Marie Hattar, CMO at Ixia.
“Marketing traditionally has not collaborated with IT from a cybersecurity standpoint,” Hattar says. “IT has been someone to help them employ their tools and make sure they do a lot of the back-end stuff.”
What comes next will be a combination of transparency by all parties in the online ad realm and increased education of marketers so they can act with more awareness and accountability, experts say.
The Methbot managed to avoid detection through an array of infrastructure, versus more traditional malware structures. Methbot operators used a distributed network based on a custom browser engine running out of data centers on IP addresses that were acquired with forged registration data.
The operation used its servers, located in the U.S. and the Netherlands, to create nonhuman traffic directed to load webpages featuring video ads from major advertisers, mostly ones based in the U.S. Fake webpages were designed to trick advertisers into believing their ads were appearing on major websites, such as ESPN, CBS Sports and The Wall Street Journal.
Digital advertising security firm White Ops first noticed the bot in September 2015 and responded with a quarantine and monitoring effort. The fraudulent activity became what is now known as the Methbot in October 2016 when it began to aggressively scale and adapt. With the release of its report in December 2016 , White Ops provided known Methbot IP addresses to advertisers, agencies and technology providers so they could block them and prevent their ads from appearing on Methbot inventory, effectively killing the Methbot’s fraudulent activity.
“When we released the details of all of the IT space the Methbot was using, we actually coordinated the biggest industry-wide shutdown of a fraudulent operation ever,” says White Ops CEO and co-founder Michael Tiffany. “Within 24 hours the Methbot IT space was routed off the internet.”
Tiffany doesn’t discount the possibility of seeing a similar or copycat threat. He says what caught his company’s attention and motivated it to get the bot shut down was when Methbot started specifically working in digital video. There was evidence of automotive lead gen scams much earlier, and Tiffany says it’s reasonable to think that this is a group that’s been iterating through a number of different models.
“We might not see them pop up again in digital video targeting brand advertisers,” Tiffany says. “They might pivot to some other form of ad fraud.”
Security Via Transparency
The Methbot report from White Ops provided recommendations for avoiding similar problems in the future. Tiffany says marketers can make the crime unprofitable.
“One thing that is becoming increasingly clear is this is a fight that takes diligence, but it is actually a winnable fight,” Tiffany says. “The way we win is by raising the costs to the bad guys and decreasing the profits.
If we keep doing that, then at a certain point, ad fraud might be still technically possible, but if it’s no longer incredibly profitable, then it’s just not going to be attractive.”
The Methbot takedown demonstrated one of the ways to do so, which is to take away the key assets. Methbot operators had the market value of millions of dollars; now they absolutely cannot use those assets for their crimes. In terms of decreasing profit, marketers must ensure a high level of transparency and quality control across every channel that they spend in.
“We started several years ago in a place where transparency and third-party validation of whether marketers got what they were paying for was very nascent,” Tiffany says. “Now you can tell the world moved quite a bit because fraud went from something no one wanted to talk about—people were in active denial—to a place where some platforms and publishers are actually building quality guarantees into their sales pitch.”
According to Tiffany, adding those quality guarantees means enough marketers have been putting momentum behind this issue that there’s competition for quality when it comes to marketing automation, programmatic advertising and other platforms. Independent validation may help hold everyone to the same standards of quality.
“I think we’re headed to a very counterintuitive place where big platforms with major engineering talents and data science capabilities are actually able to invest a lot in the security and protections of their platforms as long as there’s an economic incentive, which means that in so doing, they’ll make more money or win more market share,” Tiffany says. “Because that’s starting to happen, now there are automated programmatic platforms you can buy from where you’re basically safer than a media plan that’s based on a wide number of direct buys.”
White Ops research has shown that direct buys are not immune to fraud, Tiffany says. In fact, a lot of bot traffic makes its way into direct buys either because of unsafe third-party traffic sourcing or because of unsafe audience extensions. As programmatic players compete on quality and take a zero-tolerance approach, there may be a higher level of assurance that marketers get what they pay for because traffic-sourcing and audience extensions scams that affect direct buys won’t work.
Proactive, Involved Marketers
Hattar says marketers need to seek verification that they’re receiving the services they signed up for from service platforms.
“Marketers should do a sweep across the board of all the different channels that they use, whether it’s social media, marketing automation or their advertising,” Hattar says. “They should actually reach out to a security professional in their IT organization and check whether they have enough measures in place and what themes or concepts to look for. I think most marketers are not that proactive.”
Hattar says that until something like the Methbot surfaced, marketers didn’t know to be concerned. They believed programmatic numbers were accurate. She says programmatic advertising involves a lot of proprietary algorithms that were traditionally not disclosed to marketers, keeping them in the dark on how they derive impression counts and other methodology.
“A lot more marketers want to know exactly where their advertising is showing up,” Hattar says. “The advertising piece gets a lot of attention because, typically, most marketing budgets spend a significant amount on it—anywhere from 20% to 50%, depending on market segment.”
There needs to be an elevated awareness of cybersecurity, Hattar says, with companies taking an end-to-end look across marketing processes to determine if they’re secure. Hattar says she aims to understand her company’s security policy across the board, whether for the website, marketing automation or the programmatic aspects.
“Raising that level of education is very important,” Hattar says. “For those areas that could be exploited, the more transparent they are in terms of the results or algorithms, what they’re doing, how they’re accounting for their impressions, the better and the less likely the data is incorrect or fraudulent.”
Recommended For You: