Secure 2024: Forrester Wave™ Q2 2022 Showcases Leading Bot Management Solutions
HUMAN Blog

HUMAN’s Guide to the Digital Galaxy 3rd Edition: Disruptions and Takedowns

"The Earth is a beautiful planet. It is our responsibility to leave it as beautiful as we found it” 

-astronaut Scott Carpenter, one of the first humans to ever go to space. 

At HUMAN, that’s how we feel about protecting the internet - that beautiful, ever-expanding digital universe we all know and love. But as the internet grows, so does cybercrime. It's a ubiquitous threat that affects individuals, organizations, and even governments. And with fraudsters constantly evolving their tactics, it's becoming increasingly difficult and expensive to keep up with them alone.

That's where our third pillar of modern disruptions and takedowns comes in. It's how we disrupt the attack lifecycle of bad actors, stop their profits, and take down their fraudulent operations on a massive scale. It's a cost-effective way of protecting the internet. We do it with the help of our Satori Threat Intelligence and Research team - the astronauts of digital space. A select group of Humans who work tirelessly to shine light on cybercrime and stop it in its tracks.

In the first two editions of our guide to the digital galaxy, we covered visibility and network effect. In our third edition, we'll take you on a journey through the attack lifecycle, showing you how disruptions change the economics of cybercrime, and highlighting our Satori team's decade-long history of successful takedowns. The digital galaxy awaits us. 

How You Stop the Money Matters

Cybercriminals rely on hiding in the shadows of ecosystems to carry out their nefarious deeds. The attack lifecycle is how they go about being alien invaders in an ecosystem. It’s a 5 step process they use to abduct data, resources and money to turn it into continuous profit for themselves. 

Let’s break it down:

Phase 1:

Fraudsters do reconnaissance to gather information about who they are targeting, such as identifying potential vulnerabilities or points for exploitation. This can involve scanning or probing your systems in place to see where an attack would be most successful. 

Phase 2:

Is weaponization after collecting information. The attacker creates a plan. Using bad bots and malware to exploit the vulnerabilities they discovered. This is how they prepare their invasion.

Phase 3:

 The invader delivers the weaponized malware or bad bots to the targeted network. How this process is delivered can vary based on the system. This is the alien ships invading your digital atmosphere. 

Phase 4: 

Once the weaponized alien-like tech has been delivered, the attacker exploits the identified vulnerabilities to gain unauthorized access to the targeted systems on the platform. This stage is where they breach the system or network's defenses. They now have the advantage.

Phase 5: 

After gaining access, the attacker installs persistent malware or establishes backdoors to maintain access and control over the compromised system or network. This where they try to remain undetected as long as possible, trying to cover their tracks to rinse and repeat the operation so it can have a sustained shelf life. A full on secret invasion.

Takedowns are crucial to disrupting the economics of cybercrime because they shift the narrative. How you stop the flow of money matters. It allows for a more cost-effective way to protect the industry and demonstrates to bad actors that losses are a real possibility. At HUMAN, we don't just point out the problem. We solve it by taking down the entire operation. 

Cybercriminals rely on profits to sustain their activities, so taking away their revenue streams deals a significant blow to their overall profitability. There's value in that beyond just me telling you it’s a problem. This not only changes the perspective of bad actors, but also reduces the incentive for others to engage in cybercrime.

We don't limit our solutions to just one customer, platform, or ecosystem. Our aim is to safeguard the entire digital universe by sharing our findings with the wider community through detailed reports. Our threat hunters reverse engineer the attack lifecycle with concise, efficient and technologically advanced techniques. That is the HUMAN lifecycle.

Bringing Darkness to Light 

Those data-driven Satori reports that show our disruptions and takedowns come from the astronauts and jedis of modern defense in the digital universe - The Satori ThreatIntelligence and Research team. Individuals throughout our organization who specialize in disruptions of all sizes and large-scale takedowns of cybercriminal infrastructure on multiple levels. They work closely with law enforcement agencies, governments, HUMAN customers, and other experts to identify and disrupt cybercriminal operations. 

By employing the methodology of modern defense strategy, the Satori team has fundamentally changed how we combat cybercrime. They don't just react to problems, they go on the offense as a form of defense. Their collaborative approach, combined with the abundant resources provided by the Human Collective and our customers, has resulted in numerous successful disruptions and takedowns that have made headlines in the industry. 

Here are a few of those headlines:

  • Methbot: Bots - not humans - watched 300 million videos a day, 6,000 premium publishers were spoofed, more than 3.5 million dollars in restitution was given back thanks to this takedown of The King of Fraud.

  • 3ve: 700,00 active infections during its operation, 3 billion requests per day were made by the botnet. Was a first of its kind takedown joining forces with Google, Facebook, Amazon and FBI.

  • PARETO: More than 6,000 CTV apps spoofed, 1 million infected Android phones, 650 million bid requests a day at its height.

  •  VASTFLUX: Our biggest botnet takedown to date. At its height it produced 12 billion fraudulent ad requests a day, affecting more than 11 million devices and targeting over 1,200 publishers.

The Satori Threat and Intelligence team's success spans over a decade, and it's due to their unmatched experience, expertise, and advanced technology. They provide actionable threat intelligence that keeps evolving with the changing threat landscape. 

The ultimate goal of their disruptions and takedowns is to reduce the profit margins of cybercriminals to zero. This translates into a protected digital landscape, safeguarded customer data, and less profit lost, while simultaneously halting the malicious activities of bad actors. That makes the return on investment priceless.

The Digital Space is Safer Together

Fraudsters' significant advantage is being able to operate in the void unseen and undetected, while being able to operate at a fraction of the price that defense cost. They were able to do this for so long because defense was fragmented. Over the last decade, the astronauts of the digital galaxy, the Satori Threat Intelligence and Research team, have changed that by bringing light to the darkness of the internet space.

The team does not believe in gate-keeping their strategies, but instead shares their knowledge for the greater good. They not only find problems, they solve them. By breaking the attack lifecycle, they are making a real difference in the economic fight against cybercrime.

The best part is that this has been done together through cross-industry collaboration and collective protection. Modern defense and the three pillars - this is the blueprint for safeguarding the internet. By working together with a synchronized vision and combined effort, we can all be architects of a safer digital universe.

 Find out more about the Human Defense Platform and how it helps us complete our mission.