When delivering advertising, the SSL/TLS protocol must be used to encrypt the data traffic between the client and the web server. What we want to highlight in this article, however, is that encryption must also cover all participating ad servers within the delivery chain, so that fraudsters cannot succeed in hiding ransomware or Trojans in banners and distributing them that way.
It is well known that attackers compromise poorly secured ad servers or buy advertising space from marketers with stolen credit cards. This method is attractive to cybercriminals because an ad server is linked to numerous websites, which gives malicious software a wide distribution range.
Therefore, ad server operators should consider the following measures to ensure the proper delivery of online advertising:
1. Select strong passwords: Ad server operators have the duty to choose strong passwords or use alternatives that are at least comparably secure. This is to ensure that customers choose passwords that are strong enough to withstand brute-force attacks.
2. Install updates regularly: Past incidents show that ad servers were often compromised due to missing security updates. Operators are therefore obliged to install security updates as quickly as possible, and on all components belonging to the ad server, including the employees' clients. For this reason, establishing a patch management process is highly recommended, since it allows operators to react quickly to newly released security updates.
3. Effective virus protection: Effective virus protection is a must for all computers of the project team. Antivirus programs should also be used on the ad servers themselves to perform regular scans and isolate or remove any malware. Ideally, operators opt for an antivirus program that recognizes bad ads during upload and initiates appropriate action.
4. Monitoring: Security-relevant activities must be logged on ad servers in compliance with data protection requirements. Operators should check whether existing container tags were manipulated in an unfamiliar way or infected with malicious content. In addition, efficient monitoring should make it possible to track manipulations on ad servers, so that conclusions can be drawn about the cause in the event of a security incident.
5. Security concept and emergency preparedness: Ad server operators are required to create an emergency preparedness plan to respond to security incidents. In addition, a security concept is recommended that can be used to determine which information security strategies are really being pursued. This includes, among other things, that server operators react as quickly as possible to security incidents, remove defective advertising material as quickly as possible, and inform the relevant authority about the security incident. Experts recommend the implementation of an Information Security Management System (ISMS), where rules are defined to permanently plan, implement, test, maintain and optimize information security.
6. Raising employee awareness: Employees are among the biggest security flaws in any company. It is therefore advisable to sensitize employees sufficiently and to ensure that all of them have sufficient information security knowledge. This means that click fraud, SQL injection and XSS attacks should not be unfamiliar terms.
7. Preventing tracking attacks: Ad server operators must be guided by the concept of data economy, meaning they should only collect as much sensitive data as is necessary for the delivery of advertising. No data should be collected and evaluated that could lead to security incidents. User data collected through tracking needs to be protected as well, since many website owners work with foreign ad server operators and marketers, who could access collected user data and misuse it in a targeted way.
8. Blacklists: To prevent the automated delivery of manipulated advertising media, ad server operators must use blacklists of URLs that conceal defective content. Such a list can be used to block access immediately if an attacker manages to link manipulated advertising.
9. Account verification and cooperation: To identify the people behind the advertiser, ad server operators must establish a process of verification. Anonymous accounts must be prevented, since they have often led to the use of stolen credit cards to place bad advertising. The verification process could be extended by further security measures, such as multi-factor authentication.
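
One way to automate the container-tag check from measure 4 and the blacklist lookup from measure 8, as an added example that is not code from the original article. The host names, the sample tags and all function names are constructed for illustration, and the check assumes the operator stores a SHA-256 fingerprint of each tag at approval time.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not real indicators).
BLOCKED_HOSTS = {"malware.example", "bad-cdn.example"}
APPROVED_TAG = '<script src="https://ads.publisher.example/tag.js"></script>'
TAMPERED_TAG = APPROVED_TAG + '<iframe src="//CDN.Bad-cdn.example./x"></iframe>'

class UrlCollector(HTMLParser):
    """Collects URL-bearing attribute values from ad markup."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = ("src", "href", "data", "action")
        self.urls += [v.strip() for k, v in attrs if k in wanted and v]

def host_of(url):
    """Normalised host of a URL; '' for relative or malformed URLs."""
    if url.startswith("//"):          # protocol-relative reference
        url = "https:" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:                # e.g. broken IPv6 literal
        return ""
    return host.rstrip(".").lower()   # drop trailing dot, fold case

def is_blocked(host, blocked=BLOCKED_HOSTS):
    """True if the host or any of its parent domains is listed."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def fingerprint(tag_html):
    """SHA-256 of the tag as stored when it was approved."""
    return hashlib.sha256(tag_html.encode("utf-8")).hexdigest()

def check_tag(tag_html, approved_hash=None):
    """Return a list of findings for one container tag or creative."""
    parser = UrlCollector()
    parser.feed(tag_html)
    findings = []
    if approved_hash is not None and fingerprint(tag_html) != approved_hash:
        findings.append("tag differs from approved baseline")
    for url in parser.urls:
        host = host_of(url)
        if host and is_blocked(host):
            findings.append(f"blocklisted host: {host}")
    return findings
```

This is a static check: it sees only URLs present in markup attributes, not ones a script assembles at run time, so it complements rather than replaces the logging and malware scanning listed above.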