Digiday
The Amazon Effect
Amazon’s ad business grows 123 percent in third quarter, to $2.5b
October 25, 2018 by Shareen Pathak
Amazon’s ad business is worth almost $3 billion. The company reported in third-quarter earnings today that “other” revenue, which is primarily made up of ad sales, is now worth $2.5 billion, an increase of 123 percent from the year prior.
In the second quarter, Amazon had said that ad revenue was up 129 percent to almost $2.2 billion.
In the past few months, Amazon took a major step in consolidating and simplifying its ad products, merging everything into one platform called Amazon advertising so advertisers can buy everything in the same place.
Marketers now see Amazon as a part of the triopoly, although the company’s overall advertising prowess lags far behind the other two legs of the triopoly, Google and Facebook. Google parent Alphabet, which reported that CPC on Google properties is down 28 percent, had total revenue at $34 billion for the quarter, with the majority of that being advertising. Facebook reports third-quarter earnings next week.
Amazon’s ad business, which some estimates project will reach $50 billion in the next decade, is still a small part of Amazon’s overall business, which was $56.6 billion this quarter. Perhaps because of that, both buyers and brands still have gripes about how slowly the platform is improving. They report that the company still has a way to go with the basics, with somewhat rudimentary toolsets, campaign data and some inconsistencies with how ads are bought and what data you get back.
According to data by Teikametrics, which helps brands advertise on Amazon, 32 percent of revenue for brands that sell on Amazon is now driven by advertising on Amazon. And brands have increasing ad spend overall on Amazon by 250 percent since the third quarter of 2017.
Facebook Icon
Twitter Icon
LinkedIn Icon
RSS Icon
Sponsored
When blockers stumble: Where malvertising solutions come up short
Sponsored by The Media Trust
Malware blockers are not the perfect solution some publishers might think they are. Recently, The Media Trust Digital Security & Operations (DSO) team prevented bad ads from executing on a publisher’s website, protecting their audience of 900,000 per week from infection. The client had recently begun to use a malware blocking solution to stop bad creatives from being served, but they would soon discover that these solutions alone would not completely solve their malvertising problem.
Obfuscation: how malware slipped through the blocker’s cracks
To understand this problem further, let’s take a look at a recent example involving a known malicious domain called “dq6375rwn2aoi.cloudfront.net”, likely to be found on a public, open source or third-party list of domains to watch out for. Yet this domain was able to slip past the malware blocker in place because it was disguised in a cloak of additional code that made it unrecognizable and unreadable, a frequently-used process called obfuscation. (See Figure 1.)
(Figure 1)
(Figure 2)
However, scanning the publisher’s ads enabled the DSO team to quickly identify the malware and work with the client to terminate the ads and their source. The team’s analysis of the malware’s infection path shows that once the code executes, it calls “d2bqvm6ajgzddu.cloudfront.net” within the publisher’s website. Next, the malware redirects and presents the infected user with a fake “you’ve won” pop-up that prompts them to claim their reward. (See Figure 2.) When users click “OK”, they are taken to a website that prompts them to provide personally-identifying information (PII), such as name, email and telephone.
In one day alone, the team uncovered similar obfuscated malware executing in 16 other clients’ websites that used the same malware blocking solution.
Blockers: a narrow solution to a broader problem
Some publishers and platform providers intent on avoiding bad ads have resorted to blocking technologies that promise convenience, but this convenience comes at a cost. These commercial blocking solutions consist of scripts designed to detect and obstruct malicious domains and are often installed in a content delivery network.
Clients’ experiences show that blockers provide only a partial solution to the problem of bad ads. There are several reasons. First, at least 90% of malware used in malicious mobile redirects are obfuscated so they can elude blockers, and that percentage is growing as bad actors develop new obfuscation techniques. Second, malware developers often include code that can identify and work around specific providers’ tools. If the malware detects the presence of a known provider’s tool, it will change tack and behave differently. Finally, blockers often use third-party malware data whose currency diminishes by the minute as new malware is introduced into the ecosystem. In fact, the DSO team finds new attacks at a pace of at least one every 30 seconds and classifies at least 5,000 new active malicious domains each month.
According to The Media Trust’s analysis, third-party malware data sources take an average of three to five days to identify and record malware. As a result, by the time a third-party filter is updated, at least 8,600 attacks could have occurred over a three-day period: that’s 14,400 attacks over the course of five days. A single attack can affect anywhere from one to millions of devices.
These numbers show why malware has a significant advantage over commercial blockers. People write malware; machines block them. For blockers to fully match the complexity and sophistication of the malware that hits the ecosystem, they would need to be able to think, recognize and anticipate new patterns of obfuscation and make decisions — rather than follow instructions, which would have to spell out in precise terms every new pattern that emerges. In other words, blockers would have to be as agile, knowledgeable and innovative as malware developers whose growing array of products they are designed to thwart.
Tackling malvertising
Until machines can go toe-to-toe with intelligent programmers, companies should supplement a blocking solution with other measures to reduce their digital risk, be it legal, security or privacy. They should implement a multipronged approach, where a blocker is one among several tools for securing a company’s digital assets and ensuring the privacy of users’ data.
A large part of managing digital risk is collaborating with all of the third parties who support the functions and features of a company’s digital assets. Doing so will involve frequent security audits, sharing and enforcing digital policies, and terminating third parties that fail to align with policies. Third parties with trusted connections to clients’ networks are often the targets of hackers, hoping to break through their weaker security measures.
Second, companies should ensure that periods between updates of the data the blocker uses is short. Ideally, making sure that the malware blocker uses a list that updates as soon as new malware is identified. Third, they should continuously scan their digital assets in real time for unauthorized actors and activities. In the digital ad space, new actors appear in digital ecosystems on a daily basis and, along with authorized parties, can (unintentionally or not) introduce new threats.
Malvertising is not a simple problem. Nor should it be addressed with a simple solution. In both the short and long-run, a comprehensive solution will be the most rewarding for both publishers and their audiences.
Facebook Icon
Twitter Icon
LinkedIn Icon
RSS Icon
Subscribe To
Digiday+
Join Digiday+ and get Digiday magazine with your membership.
Subscribe
Sign Up For
Digiday Newsletter
Get Digiday's top stories every morning in your email inbox.
Sign Up
Follow Us
@digiday
Follow @Digiday for the latest news, insider access to events and more.
Facebook Icon
Twitter Icon
Instagram Icon
LinkedIn Icon
RSS Icon
©2010–2018 Digiday. All Rights Reserved.
About
Privacy Policy
Advertise
Digiday Media
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment