Security News > 2020 > April > Ad Fraud Operation Accounted for Large Amount of Connected TV Traffic
A Connected TV ad fraud operation managed to generate as much as 28% of the CTV traffic observed in January 2020 by White Ops, a company that specializes in bot fraud protection.
White Ops discovered that "66% of programmatic CTV-related SSAI traffic and 15% of programmatic mobile-related SSAI traffic" was part of this operation in January 2020.
The threat actors behind the attacks were able to generate traffic for fictional edge devices using over 1,000 different user-agents, more than 300 different appIDs from various publishers, at least 2 million spoofed IP addresses, and roughly 1,700 SSAI server IPs located in 9 countries generating the traffic.
"The ICEBUCKET operation is unique in that a subset of the traffic is being generated to benefit app publishers directly through direct deals. We've observed cases where such publishers are mixing up organic and ICEBUCKET traffic in what seems to be early signs of traffic sourcing schemes for CTV traffic," the researchers explain.
Icebucket remains an ongoing operation, as the volume of traffic associated with it hasn't been reduced to zero yet, White Ops reveals.