Digital Media Net - Your Gateway To Digital media Creation. News and information on Digital Video, VR, Animation, Visual Effects, Mac Based media. Post Production, CAD, Sound and Music
Categories: Digital VideoMacNews

HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

At its peak, VASTFLUX accounted for more than 12 billion fraudulent ad requests a day, impacting nearly 11 million devices

NEW YORK–(BUSINESS WIRE)–HUMAN Security, Inc., the global leader in safeguarding enterprises from digital attacks with modern defense, today announced the takedown of a highly sophisticated ad fraud operation where more than 1,700 apps were spoofed, targeting 120 publishers, running ads within apps on nearly 11 million devices, and reaching a peak volume of 12 billion ad requests a day. The attack injected malicious JavaScript code into digital ads, allowing the fraudsters to stack dozens of video ads on top of one another and registering views for ads completely invisible to the user.

Dubbed VASTFLUX, the name is derived from the concept of “fast flux,” an evasion technique used by cybercriminals, and VAST, the Digital Video Ad Serving Template that was exploited in this operation. This is the biggest operation uncovered by HUMAN’s Satori Threat Intelligence and Research Team, with a peak of more than 12 billion ad requests a day, reaching the highest per-day volume of any operation uncovered by the Satori team and eclipsing the peak volumes of HUMAN’s previous high-profile disruptions, including Methbot, PARETO and 3ve. This operation has been shut down through a private takedown led by HUMAN, protecting the entire programmatic advertising ecosystem from this cybercriminal organization. HUMAN continues to monitor the VASTFLUX operators.

“What was technically impressive and incredibly concerning about VASTFLUX was the fraudsters hijacked impressions on legitimate apps, which makes it nearly impossible for users to tell if they are impacted,” said Gavin Reid, HUMAN’s newly-appointed CISO. “Orchestrating a private takedown of this magnitude and severity is no small feat, and I want to take a moment to thank all involved, including the HUMAN Satori Threat Intelligence and Research Team, the team at clean.io and the industry leaders who make up The Human Collective who are dedicated to making the programmatic ecosystem safe and human.”

The Satori team found VASTFLUX while investigating an iOS app that was heavily impacted by an app spoofing attack. VASTFLUX is a very sophisticated scheme, exploiting the limited signal available to verification partners in the environment they targeted: in-app advertising, particularly on iOS. VAST fraud has evolved to spoofing bids in one platform to make them appear in another platform, which makes these cross platform attacks a formidable foe.

HUMAN worked closely with its partners in the Human Collective to get additional insight into traffic volumes and verification tags they were using on their ads. Within a two-week period, HUMAN’s Satori Team deployed three distinct mitigation measures to protect customers from VASTFLUX, followed by the private takedown.

The takedown of the VASTFLUX operation comes just three months after the Satori Team announced the disruption of Scylla, a fraud operation targeting advertising software development kits (SDKs) within 9 apps on the Apple App Store and 80 Android apps on the Google Play Store, which collectively were downloaded more than 13 million times.

VASTFLUX’s sophistication underscores a crucial element of modern defense, enabling us to disrupt the economics of cybercrime by increasing the costs to cybercriminals while simultaneously reducing the cost of collective protection. The more we in the industry work together, the harder cybercriminals will have to work to make any particular scheme stick for a meaningful amount of time.

To learn more about the VASTFLUX operation, visit the HUMAN blog, or read the full technical report.

About HUMAN

HUMAN is a cybersecurity company that safeguards 1,200+ brands from digital attacks including bots, fraud and account abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.

Contacts

Ellyn Kirtley

Director, Communications

ellyn.kirtley@humansecurity.com
(775) 342-7063

Staff

Recent Posts

Wondershare Unveils SelfyzAI 3.0: New AI Features Enhance Image Editing Experience

VANCOUVER, BC, Nov. 4, 2024 /PRNewswire/ -- In October 2024, Wondershare proudly launched SelfyzAI 3.0,…

6 hours ago

Monomoy Acquires Oliver’s Food Packaging and Equipment Business

The acquisition marks 20 corporate carve-outs, including ten platform investments, all supported by Monomoy’s deep…

20 hours ago

MoonFox Analysis | Chinese A-share Companies’ Global Revenue Journey: Expected to Reach US $1.4 Trillion

SHENZHEN, China, Nov. 4, 2024 /PRNewswire/ -- Since the Reform and Opening-up in China, global…

20 hours ago

TECNO’s #ToneProud Campaign Aspires to End Skin Tone Bias in Imaging Technology to Represent Full Human Diversity

JAKARTA, Indonesia, Nov. 3, 2024 /PRNewswire/ -- In a world where technology and AI shapes…

20 hours ago

BLUE LOCK UNVEILS NEWEST KEY VISUAL AHEAD OF SEASON 2 CLIMACTIC MATCH

NEW PROMOTIONAL VIDEOS AND TEASER BUILDS EXCITEMENT AS THE BATTLE FOR BLUE LOCKS SURVIVAL BEGINS…

2 days ago

WiMi is Working on a Blockchain-Enhanced Federal Learning Privacy-Preserving Mechanism

BEIJING, Nov. 1, 2024 /PRNewswire/ -- WiMi Hologram Cloud Inc. (NASDAQ: WIMI) ("WiMi" or the…

3 days ago