Many people today consume their entertainment on a range of devices, from small screens to big screens. As technology has evolved, we have moved from traditional TV broadcasts to on-demand streams on our phones, tablets, laptops and even smart TVs for a better user experience.
Connected TVs (CTVs) encompass all of these, and the number of users connecting to CTV applications is increasing, especially now that people are confined in their homes.
As the name implies, CTVs need an internet connection to access any content. Since people nowadays are more connected to the Internet, they tend to watch on-demand media rather than traditional TV and DVDs, as CTVs give more freedom in terms of choice and availability.
Such factors are driving the increase of viewership on CTVs, and for advertisers, this opens up more meaningful and effective ways to engage with potential customers. Some content providers have subscription models, while some are relying on advertisements for their revenue.
Server-Side Ad Insertion (SSAI) is one method whereby advertisers can insert ads into content seamlessly, without worrying about ad-blockers and without compromising the user experience. SSAI is gaining prominence in programmatic advertising as it automates ad impressions depending on the “right context” at the right time.
While industries are earning a huge amount of money with ad technologies, they are also losing billions every year due to ad fraud. According to Ryan Murray, Director, Asia Pacific, White Ops, who spoke to CSA in an interview, as the marketing industry's technologies expand, fraudsters adapt as well, presenting a number of new threats to marketing campaigns.
“A new trend we’ve monitored this year suggests fraudsters are suppressing less sophisticated ad verification technology in order to remain undetected. As a result, brands, platforms and consumers continue to be abused and lose revenue, experience infected value chains, damaged reputation and tedious remediation discussions”, Ryan explained.
For instance, there are cybercriminal groups using sophisticated bots that disguise themselves as smart TVs in order to generate video ad impressions. One such operation is ICEBUCKET, discovered by White Ops, which called it the largest and widest CTV-related fraud operation to date.
According to White Ops’ report, ICEBUCKET started in a part of programmatic advertising where the supply chain is less transparent, sellers are not reported in sellers.json files, and buyers and sellers typically do not have a direct relationship.
The fraud group’s operation imitated SSAI servers by sending traffic for non-existent edge devices (specifically CTVs and mobile devices) into the ad tech ecosystem, using about 2 million spoofed IP addresses from 30+ countries.
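The transparency gap described above can be checked on the buy side. The following is an added example, not code from White Ops' report: it assumes the field names of the IAB Tech Lab sellers.json and OpenRTB SupplyChain (schain) specifications, and every domain and seller ID in it is constructed.

```python
import json

# Constructed sellers.json documents, keyed by the ad system domain that publishes them.
SELLERS_JSON = {
    "exchange.example": json.loads("""{"version": "1.0", "sellers": [
        {"seller_id": "1001", "name": "Reseller One", "domain": "reseller.example",
         "seller_type": "INTERMEDIARY"},
        {"seller_id": "1002", "is_confidential": 1, "seller_type": "PUBLISHER"}]}"""),
    "reseller.example": json.loads("""{"version": "1.0", "sellers": [
        {"seller_id": "77", "name": "Stream App", "domain": "streamapp.example",
         "seller_type": "PUBLISHER"}]}"""),
}

def index_sellers(doc):
    """Map seller_id -> entry for one sellers.json document."""
    return {str(s["seller_id"]): s for s in doc.get("sellers", []) if "seller_id" in s}

def audit_schain(schain, sellers_by_domain):
    """Return findings for schain nodes that cannot be verified against sellers.json."""
    findings = []
    if schain.get("complete") != 1:
        findings.append("schain is not marked complete")
    for i, node in enumerate(schain.get("nodes", [])):
        asi, sid = str(node.get("asi", "")).lower(), str(node.get("sid", ""))
        doc = sellers_by_domain.get(asi)
        if doc is None:
            findings.append(f"node {i}: no sellers.json on file for {asi}")
            continue
        entry = index_sellers(doc).get(sid)
        if entry is None:
            findings.append(f"node {i}: seller {sid} not listed by {asi}")
        elif entry.get("is_confidential") == 1:
            findings.append(f"node {i}: seller {sid} at {asi} is confidential")
    return findings

# Constructed schain objects as they might appear in bid requests.
VERIFIABLE = {"ver": "1.0", "complete": 1, "nodes": [
    {"asi": "reseller.example", "sid": "77", "hp": 1},
    {"asi": "exchange.example", "sid": "1001", "hp": 1}]}
OPAQUE = {"ver": "1.0", "complete": 0, "nodes": [
    {"asi": "exchange.example", "sid": "9999", "hp": 1},
    {"asi": "exchange.example", "sid": "1002", "hp": 1},
    {"asi": "unknown.example", "sid": "5", "hp": 1}]}

if __name__ == "__main__":
    for name, sc in (("verifiable", VERIFIABLE), ("opaque", OPAQUE)):
        print(name, audit_schain(sc, SELLERS_JSON))
```

A clean result only shows that the declared sellers are published; it does not prove the impression came from a real device.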
Ryan further explained that the operation counterfeited over 300 different publishers, stealing advertising spend by tricking advertisers into thinking there were real people on the other side of the screen when in reality, these were bots pretending to be real people watching TV.
At its peak, ICEBUCKET accounted for more than 28% of the programmatic CTV traffic, which demonstrates the capacity of fraudsters to make a dramatic impact on this new market.
“The lack of consistent standards and the surge in ad spending, driven by the rise of streaming content services and a proliferation of new connected devices, is leaving CTVs as an especially ripe target for fraud. Today’s bots are increasingly more sophisticated and delivering a host of malicious activities in CTVs”, said Ryan.
SSAI is still in its infancy and, while it is a good solution for ad serving, fraudsters are still finding holes in system frameworks and getting through, as with all new technologies. Ryan added, “SSAI adds a layer of obfuscation where measurement vendors’ tags are collecting signals from the SSAI service instead of the edge devices where ads are shown. This layer of obfuscation creates a challenge for analysing traffic and identifying fraud”.
While ICEBUCKET is the largest CTV ad fraud operation that we have seen thus far, the industry has uncovered multiple threats over the past year, with more spinning up every day. Fraudsters are utilising an ever-increasing toolbox of fraud tactics to steal money from CTVs, including device spoofing, app spoofing, device farms, hidden ads, and incentivised ads.
The CTV ecosystem is complex and fragmented, which makes it ripe for intrusion by fraudsters. Ryan suggested that advertisers and marketers need to work together with the rest of the industry to protect CTVs and make it cost-prohibitive for fraudsters to monetise their schemes.
According to him, if organisations fight fraud in a silo, depleting their own time and resources, adversaries simply move on to employing the same tactics at a different target - nothing lost, much still left to gain for the cybercriminal groups. Ryan ended with the note, “If the industry can rapidly apply knowledge gained from a particular attack for everyone’s benefit, then that tactic will not work when adversaries move on to the next target”.