Fifteen Zeroes: Inside the Quadrillion Cyberthreat Benchmark Report

A quadrillion is one of those numbers that manages to be both intuitive and hard to visualize at the same time. It’s a one followed by fifteen zeroes. It’s a million billion. One quadrillion seconds is 31 million years (which, for reference, takes us back to when the Himalayas were just starting to, y’know, exist).

It’s also how many interactions the Human Defense Platform observes every year, and it’s that scale that informs this year’s Quadrillion Report: 2025 Cyberthreat Benchmarks. We looked at all these interactions to uncover trends in key threat vectors, examining where threat actors are focusing their efforts and on what attacks.

Our big takeaways from the research:

• Fake accounts and post-login account compromise are a growing challenge for businesses, with the number of each attack rising dramatically from 2023 to 2024.
• Scraping attacks are growing rapidly for many industries, with retail/e-commerce and streaming/media being particularly heavily-targeted by threat actors.
• HUMAN observed more than twice as many attempted account takeover (ATO) attacks in 2024 as in 2023, reflecting the continued value of ATO attacks to threat actors.

Answering the “Why”: Exploring Threat Actor Motivations

One new element of this year’s report is an increased focus on why threat actors carry out certain attacks more than others or target certain industries more than others.

The really short answer—and try not to faint from the shock—is money. There’s a lot of variables that go into the resale value of the fruits of a threat actor’s labor, many of which mirror the variables in your Economics 101 supply-and-demand discussions: how many hacked accounts are available, how difficult is it to hack an account, how much stored value does the account have (loyalty points, actual dollar balances, or PII that’s resellable independent of the account itself), how competitive is the industry in which the target company operates, etc.

Within the report, we examine the dark web price points for many attacks, including hacked accounts, fake accounts, scraped data, and stolen credit card information. And they manage to be worth both more than you think and less than you’d expect at the same time: access to a hacked account on a streaming service might go for a couple bucks, while access to a crypto account might go for a couple thousand bucks. It’s certainly not a surprise that one has more intrinsic value than the other, but unless there’s some categorical proof of the value of the cryptocurrency stored on the latter account, thousands (plural) of dollars is more than I’d have guessed it would have been worth on the “open” market.

Knowing how much a single hacked account or scraped data set is worth to a threat actor puts the need for protections into stark perspective. It’s an old HUMAN axiom that anything worth doing on the internet is worth doing many times over and over again, so it’s not one hacked account that’s the issue, it’s thousands of them. Businesses should think of those dark web prices like a bounty: the higher it is, the more people will be going after it.

Spotted In the Wild: Account Takeover, Carding, and Scraping Attacks Proliferate

Another new element of this year’s report is the In the Wild segments throughout. Those are based on real-world attempted attacks on HUMAN customers (which were flagged by the Human Defense Platform), and illustrate some extreme examples of what threat actors are capable of.

Some of these include:

• A month in which 97% of login traffic to one customer was an attempted ATO attack.
• A month in which HUMAN flagged more than 150 million attempted carding attacks on one customer.
• A six-month stretch in which more than half of all traffic to one customer’s website was attempting a scraping attack.

That volume, combined with the price points described above, really illustrates the need for organizations to prioritize protections for the entire customer journey. These attacks can—if successful—be very lucrative for threat actors and can arrive at an absolutely massive scale.

Check out The Quadrillion Report: 2025 Cyberthreat Benchmarks for more examples of real-life attacks and to learn about what trends our researchers uncovered.