HUMAN Blog

How the VASTFLUX Takedown Benefits Programmatic Players

Today we released a report describing the takedown of one of the largest and most sophisticated ad fraud operations the HUMAN Satori Threat Intelligence & Research Team has ever encountered: VASTFLUX. We applied modern defense with our customers and the Human Collective to orchestrate an unprecedented private takedown.

At its peak, VASTFLUX’s per day volume surpassed every major investigation we’ve ever published with a whopping 12 billion fraudulent bid requests. And being in the fraud fighting business for 10 years, that’s saying something. 

I hurled a lot of superlatives at you—biggest, most sophisticated, ever in history—but what does this all mean for everyone within the programmatic ecosystem? 

Verification Isn't Enough

This operation didn’t go down without a fight. An earlier iteration was discovered in 2020, the operators adapted, and presented this new operation we dubbed VASTFLUX. What makes this latest iteration unique is how much the bad actors were paying attention to the programmatic advertising ecosystem. They went as far as evading ad verification tags in an attempt to go undetected.

In our research report, the Satori team says:

In general, ads that run within apps pass less information to verification providers than ads that run on pages visited within a web browser. That information gap is appealing to fraudsters: they may target advertising opportunities that run in these more restricted environments with the hope that it will take longer for their scheme to be spotted and stopped by companies like HUMAN.

Verification is integral to an advertiser’s job and measurement is every advertiser's bread and butter. However, when the means of measuring are bypassed, you’re not just getting inaccurate results - fraud is getting through, too. HUMAN was built on the fact that ad fraud is the lowest risk, highest reward form of cybercrime. While we’ve done a lot of work to make these operations much more costly and risky to run, fraudsters are continuously trying to find ways to get around technology as they follow the money. We’re dealing with sophisticated cybercriminal organizations looking to make profits from this kind of fraud, and they are relentlessly aggressive in their tactics. 

But it’s one thing to detect a fraud operation, and it’s another thing to shut it down.

The Private Takedown

Takedowns and disruptions often require many stakeholders to execute and sometimes involve law enforcement. Think about Methbot and 3ve; they required both a private and public collaboration to bring the perpetrators to justice. What’s becoming more common for us at HUMAN is to do a private collaboration with customers and partners to truly stop a cybercriminal organization. We accomplished this with the disruption of PARETO.

When we take down an operation, we’re disrupting the economics of cybercrime in real time. We make it too costly for cybercriminals to adapt - the juice isn’t worth the squeeze. At the same time, this reduces the cost of protecting the programmatic advertising ecosystem. That’s what happened here with VASTFLUX. This was another example of a private takedown and was successful with the help of HUMAN customers and the Human Collective. We achieved true collective protection thanks to our customers’ shared commitment to shutting down bad actors. It’s a testament to the combined trust and strength we carry together. 

Additionally, our recent acquisition of clean.io and their anti-malvertising solution is an important element of this takedown and the future of our ad fraud fighting capabilities. Malvertising happens at the earliest point of the fraud journey by injecting malicious code into an ad slot. But with anti-malvertising technology, we can stop it right there before additional fraud methods can be layered on like ad stacking and app spoofing in the case of VASTFLUX. This greatly reduces the amount of money a fraudster makes by cutting off key profit points. With the clean.io acquisition, we’re now in an even better position to reduce fraud across the programmatic ecosystem and collectively protect our customers.

The VASTFLUX operation and takedown underline a point we’ve been making for ten years now: Ad fraud is a cybersecurity problem, not a measurement problem. And the best way to combat it is with security tactics, technology, and policy - not campaign optimizations.

Modern Defense: How We Win

HUMAN employs  modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective protection. The strategy rests on three pillars: visibility, network effect, and disruptions.

  1. Visibility describes the more than 20 trillion digital interactions we verify every week. That number represents more than 85% of the global programmatic impressions we observe and protect. This allows us to deploy protections across a large swath of the internet. As we like to say, a detection event for one is a protection event for all. 

  2. We rarely see a fraudster just once. With our unmatched visibility and protection capabilities, we’re able to collectively protect all customers across industries. We call this our network effect. Fraud schemes are often interconnected, so our protection of many different industries and disciplines (e-commerce, brands, marketing, advertising) allows us to safeguard all from evolving threats. 

  3. And finally, disruptions. This is where our Satori team shines! By discovering, disrupting, and taking down fraud operations, we effectively remove the revenue stream from a cybercriminal. This makes the attacks more costly than the money they gain. Cross-industry collaboration from our customers is vital here, as it was with the takedown of VASTFLUX. 

All of this feeds into our Human Defense Platform, the mechanism that detects fraud and protects HUMAN customers in real-time. The Satori team has taken what they learned from the VASTFLUX takedown and incorporated those learning into our Human Defense Platform to ensure we catch malvertising attacks and sophisticated forms of ad fraud at a speed which makes those schemes unprofitable for fraudsters. That’s the power of modern defense. 

If you’re a part of the programmatic advertising ecosystem and you’re worried that fraud might be impacting you, reach out to our Humans today. When we win, we win together.