TAG Today - August 2020
In this month's newsletter:
TOP STORIES:
TAG Hires Former Citi Head of Threat Intel to Lead Expanded Threat Sharing Role
Earlier this month, TAG announced that it had hired one of the brightest lights in the digital threat sharing world, Danielle Meah, former Global Head of Threat Intelligence for Citigroup, as TAG’s first Director of Threat Intelligence.
In her new role, Danielle will lead the TAG Threat Exchange and work with the industry to foster an effective threat-sharing culture. She will also direct TAG’s role as the ad industry’s first and only Information Sharing and Analysis Organization (ISAO), including expanding the work of the TAG Threat Exchange to rapidly identify threats to the digital advertising supply chain, share information on those threats across hundreds of companies, and work with law enforcement to investigate and prosecute the criminals involved.
“In the eternal cat-and-mouse game between good guys and criminals, TAG just hired the Bengal tiger of threat intelligence,” said Mike Zaneis, CEO of TAG. “Danielle is a world-class expert on the tools and techniques used by criminals to exploit holes in the digital supply chain, and she will help TAG expand our threat intelligence and threat sharing capabilities to help the digital ad industry build a rapid reaction system that identifies, analyzes, and disseminates information on new and emerging threats.”
Coverage of Danielle’s hiring included MediaPost, Advanced Television, Communications Daily, Mobile Marketing Magazine, and MarTech Series.
TAG Releases White Paper on Malvertising Background and Best Practices
Along with the announcement of Danielle’s hiring, TAG also released a new White Paper, “Changing the Criminal Calculus: Best Practices in the Fight Against Malvertising,” which provides a comprehensive overview of the malvertising threat and the steps that companies should take to protect themselves and their partners. Among the best practices described in the White Paper, companies should:
Take responsibility and communicate their commitment by:
-
- Creating and sustaining an internal focus on keeping ads free from malware
- Developing a "zero tolerance" policy for ads infected with malware.
- Earning the TAG Certified Against Malware Seal to demonstrate the company has adopted the rigorous standards needed to fight malware.
Choose the right partners through steps such as:
-
- Knowing their risk tolerance and choosing partners that share and can accommodate those values.
- Asking the right questions during the RFP process, for example, whether potential partners use malware scanning and real-time detection techniques.
- Checking if partners have received the TAG Certified Against Malware Seal.
Work closely with partners to develop and execute their strategy by:
-
- Designating a trained Brand Safety Officer within the company.
- Documenting appropriate points of contact at partner companies.
- Clearly communicating a plan to protect assets before a campaign launches
- Stay involved once campaigns are launched by ensuring proper mitigation strategies are in place to stop malvertising attacks at any point in a campaign.
See the bigger picture beyond each individual company by:
-
- Providing partners with information about incidents of malware-infected creative, so they can be on the lookout for reoccurrences of those issues.
- Supporting industry-wide threat sharing.
TAG and Protected Media Launch “Operation Slay Hydra” to Share Info on App Fraud
As the ad industry’s first and only Information Sharing and Analysis Organization (ISAO), TAG recently worked with Protected Media to alert and inform key participants in the supply chain about a sophisticated new app fraud operation called “Hydra.”
Following is an excerpt from a Business Insider article describing the effort:
[Hydra CEO Asaf] Greiner brought his findings to the attention of Google and other companies, as well as the Trustworthy Accountability Group, an industry body that fights fraud, malware, piracy, and a lack of transparency in digital advertising. …
Meanwhile, TAG launched "Operation Slay Hydra" to share information about Hydra with digital-ad sellers so they could protect themselves and share information about how Hydra is evolving. …
"Hydra is a really accurate name because the impressions are being sold through many networks and being diluted — there are a lot of heads to slay," Rachel Nyswander Thomas, the chief operating officer of TAG, said. "What's newer is the degree to which it's focusing on in-app inventory and that it's hiding itself in newer ways." …
TAG is also trying to create permanent sharing groups to get advertising companies more comfortable trading information to help such attacks from spreading, Thomas said.
"It's going to take time to build a culture of threat sharing," she said. "We are brand new to this as an industry. But people are starting to have a great awareness that it's not just about playing whack-a-mole yourself."
TAG in the News
From an op-ed by Rob Rasko, founder and CEO of The 614 Group, in AdExchanger:
About 10 years ago our industry loved to hold up the Lumascape, that mess of logos crammed into a slide, as proof of the fast pace of innovation. In 2011, there were only 150 unique companies on the Lumascape, by 2018 there were more than 7,000.
Here’s my point: This industry has always been defined by innovation. It stems from every corner of our sector. If an individual company can’t solve a problem, many will come together to solve it collectively, as we’ve seen with organizations such as the Trustworthy Accountability Group and the Interactive Advertising Bureau. So take heart, there are countless brains working to solve our most pressing problems.
From “The ‘Real Money’ Behind Pirate IPTV Services: $1 Billion+” in MediaPost:
A subscriber here, and a subscriber there, and pretty soon you’re talking real money in the pirate Internet Protocol TV (IPTV) business. Actually, it’s now worth more than $1 billion in the U.S. alone, according to a study released Thursday by the Digital Citizens Alliance and technology firm NAGRA. …
A spokesman was not able to provide an estimate for pirate IPTV ad revenues at presstime, but a 2016 study conducted by Ernst & Young for Trustworthy Accountability Group (TAG) estimated pirate advertising revenues were about $111 million that year, “including $36 million from premium advertisers and $36 million from non-premium advertisers, such as gaming, dating and virtual private network security services.”
The TAG report also noted that bona fide industry protocols and verification vendor services successfully blocked “an estimated $102 million to $177 million out of the pirates’ pockets.”
A PR Reminder from TAG
We love it when TAG members highlight our work together to fight digital ad crime and improve transparency. Please send any TAG-related press releases, blogs, or other announcements to Andrew Weinstein at andrewwstn@gmail.com for review before release.
A PR Reminder from TAG
We love it when TAG members highlight our work together to fight digital ad crime and improve transparency. Please send any TAG-related press releases, blogs, or other announcements to Andrew Weinstein at andrewwstn@gmail.com for review before release.
Topics: Blog