Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
In 2024, we have witnessed the development of powerful technologies that continue to shape our business and personal lives. From AI tools designed to increase the effectiveness of marketing strategy to hybrid cloud infrastructure extending enterprise structures beyond geographic boundaries, there’s no telling what the ad tech industry will see in 2025. Or how cybercriminals will continue to use technological innovation to advance their malicious tactics. From AdSecure and based on 2024 trends, we bring you the best ad security threat predictions for 2025.
Malvertisers will continue to use AI to launch their attacks
AI has brought many improvements to the ad tech ecosystem in 2024, including improvements in real-time bid optimization, deep analytics visibility, and conversion predictability. However, this powerful technology has also been exploited by malvertisers who use AI to create sophisticated malicious campaigns.
For example, social engineering attacks delivering Spear Phishing, Scareware or Malware have been improved with Predictive AI Analytics. Thanks to them, cybercriminals learned the behavior of end users and were able to adjust their tactics in real time to bypass detection software, ad blockers and remain unnoticed by sandboxing techniques. As a next step, chatbots, Deepfakes and Voice Cloning techniques were used with artificial intelligence to create hyper-customised ads designed to exploit the fear, anxiety and hope of the end users. The following are malicious landing pages created using artificial intelligence generators that are designed as hyper-realistic replicas of legitimate companies to trick the end user into clicking on compromised URLs.
Insight: According to HP’s Treat Insights report (December 2024)Malvertisers have started using AI to ensure easy entry to malicious advertising. This has allowed novice cybercriminals to launch AI-generated attacks, such as creating droppers for email attacks or using GenAI to create complicated code without having to know code, making it easier for them to enter the malvertising business.
Multi-factor authentication will be key to mitigating the security risks of InfoStealer for remote work
As companies move to hybrid IT setups with workers spread across the globe, InfoStealer Malware campaigns are on the rise. In these complex business environments, we find a mix of corporate and personal devices, local data centers, hybrid clouds, all connected via the Internet.
InfoStealer attacks bypass traditional defense methods and collect end-user identity data from applications and browsers, exploiting system vulnerabilities: If an end-user unwittingly clicks on an InfoStealer ad campaign and their access point to corporate software is not properly protected, they may end up giving access to a Malvertiser using their identity. This threat has been growing exponentially in the last few months. In 2025, companies will need to rely more than ever on Multi-Factor Authentication (MFA) and device authentication to protect employee access points.
Insight: Although the existence of MFA technology is widely known, as well as its benefits, only 55% of small companies in the world use MFA technology to protect their assets. Additionally, on average, only 13% of small business employees use MFA to access their accounts, meaning many jobs are still at risk of sensitive company information being leaked.
Marketing Technology News: MarTech Interview with Andrew Pascoe, VP of Data Science Engineering @ NextRoll
Vulnerabilities in IoT and connected devices have been exploited
More and more buildings are using IoT to keep things running every year. This includes corporate buildings, homes as well as critical buildings and city infrastructure. So it’s no surprise that Malvertisers have also chosen to target connected devices such as smart TVs, which can also be connected to building security infrastructure such as electronic doorbells and security cameras, with their insidious methods. IoT devices often have less-than-optimal online security measures in place and are frequently targeted by distributed denial-of-service (DDoS), man-in-the-middle (MITM), botnets, and InfoStealer attack vectors. Once these devices are compromised, a cybercriminal can penetrate them in a number of ways, and due to the nature of the devices, they can do so remotely and without too much hindrance.
Insight: According to a recent the Forescout studyof all device groups (IoMT, OT, IoT, and IT), IoT devices will accumulate 33% of all vulnerabilities in 2024, a 14% increase from the previous year, which is likely to increase further in 2025. The most exposed devices across all of these groups there are of course computers, mobiles and servers that accumulate almost 90% of all vulnerabilities. Right behind them are IP cameras, smart TVs, smart printers and even PACS systems such as glucometers.
Google Ads targeted using cloaking techniques
In 2024, we have seen many popular ad networks like Google Ads fall victim to malvertising tactics several times. In the case of Google, many of these attacks were carried out through ad masking. Using this method, malvertisers can impersonate popular software such as KeePass, AnyDesk, WinSCP, and Arc Browser to trick end users into downloading malware. Malicious campaigns display legitimate clickable URLs that, when clicked, redirect the unsuspecting victim to malicious sites riddled with malware such as Trojan horses, InfoStealer software, and more.
Other malvertisers preferred to use Google Ads to launch tech support scams targeting end users of popular platforms such as eBay. Others have launched corrupted search ads impersonating job portals from large companies, such as Lowe’s and Ransomware and Fileless Malware attacks targeting system administrators for large companies such as Windows, etc.
Insight: Because malvertizers can get away with these techniques by creating multiple accounts simultaneously and using text manipulation and cloaking, they usually fly under the radar and remain completely undetected. And as malvertisers evolve their methods with new technologies and adapt to ad network security methods, this tactic will most likely continue to be used in 2025, targeting not only popular networks like Google, but platforms of all sizes around the world.
Final thoughts
As increasingly complicated work structures and powerful technological tools continue to change the online landscape, cybercriminals continue to exploit software vulnerabilities to steal sensitive business. This again highlights the importance of investing in ad security. Not only to protect business information and assets, but also to promote a safer digital ecosystem that provides a pleasant online user experience and personal online security.
Marketing Technology News: GenAI and the future of marketing
