HUMAN Security, clean.io | November 04, 2022
HUMAN Security, Inc. (formerly White Ops) — the global leader in safeguarding enterprises from digital attacks with modern defense — today announced the acquisition of clean.io, the industry leader in protection against malvertising and e-commerce fraud. By adding clean.io’s products to the Human Defense Platform, HUMAN is furthering its vision to safeguard the advertising ecosystem from a full range of fraud and abuse by disrupting the economics of cybercrime and ensuring the industry’s $500 billion annual ad spend reaches real humans rather than funding criminal schemes. The acquisition is the third strategic market move HUMAN has made this year, beginning with the announcement of a $100 million growth funding round led by WestCap and NightDragon followed by the merger with PerimeterX, which included a $100 million debt facility from Blackstone Credit. Terms of the acquisition were not disclosed.
When the programmatic advertising ecosystem is used by cybercriminals to deliver malware to end-users via ads, it is known as malvertising. While malvertising increases the risk of compromise by exposing users to malware, it also reflects poorly on the brands and platforms delivering the ads, creating a significant brand reputation problem. By joining forces, HUMAN and clean.io have unlocked real-time anti-malvertising to stop fraud at the source, an offering that doesn’t exist in the market today.
“The vision of the Human Defense Platform is to safeguard organizations from a full range of fraud and abuse by disrupting the economics of cybercrime. As we saw with 3ve, delivering malware via programmatic advertising is one of the most prolific ways to create a large-scale botnet, and it is one of the earliest steps in the attack cycle,” said HUMAN Co-founder and CEO Tamer Hassan.
“The vision of the Human Defense Platform is to safeguard organizations from a full range of fraud and abuse by disrupting the economics of cybercrime. As we saw with 3ve, delivering malware via programmatic advertising is one of the most prolific ways to create a large-scale botnet, and it is one of the earliest steps in the attack cycle,” said HUMAN Co-founder and CEO Tamer Hassan. “By teaming up with clean.io, HUMAN is gaining significant talent with deep domain expertise along with increased signal across the internet, enhancing our collective protection capabilities for our customers across the entire digital ecosystem.”
clean.io employs real-time behavioral protections on page, as opposed to static creative reviews and pre-scanning techniques offline. This methodology allows for the detection and blocking of novel threats, and is all done via a simple and maintenance free integration. clean.io powers protection for more than 125 billion impressions monthly across millions of websites and mobile applications globally. Combined with HUMAN’s programmatic footprint and visibility of more than 20 trillion digital interactions per week and the two companies’ superior detection and threat intelligence capabilities, the addition of clean.io’s technology to the HUMAN Defense Platform will make malvertising incredibly costly for bad actors and enhance protection across the media ecosystem.
Industry leaders also applauded the move. “HUMAN and clean.io have long been strategic partners to help combat two of the most important problems we face in programmatic advertising: malvertising and fraud. This type of consolidation in the ecosystem is welcome news and brings with it a true and holistic, 360-degree approach to fighting cybercrime.” said Ron Lissack, SVP, Chief Architect | Tech Leadership at Xandr. Sr. Director of Product Management at Xandr Sanmati Ananthamurthy also added, “The combined threat lens and mitigation that both HUMAN and clean.io provide, alongside our proprietary tools and processes, only further solidifies where the industry needs to be advancing towards.”
“There has never been a stronger need for collective protection against cybercriminals. Since our founding in 2017, clean.io’s mission has been to put an end to malicious code and to protect the customer experience, revenue and brand from the latest threats,” said clean.io Co-founder and CEO Geoff Stupay, who will serve as Vice President of Media Strategy for HUMAN. “To that end, we are thrilled to be joining forces with HUMAN. Our combined lens, telemetry and mitigation across the ecosystem will deliver the most effective and comprehensive protection for our combined customers.”
HUMAN leverages modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Examples include taking down Scylla — an attack targeting a number of advertising SDKs within apps available via both Google’s Play Store and Apple’s App Store. HUMAN disrupted the PARETO operation — the most sophisticated CTV botnet ever found — in cooperation with Roku and Google. 3ve was brought down together with the FBI, Google, Facebook and many others in the industry. The takedown of Methbot recently culminated in the sentencing of the self-proclaimed ‘King of Fraud’ to 10 years in prison.
“With the clean.io acquisition, the Satori team will gain invaluable talent and threat intelligence. This will help us defend our customers from future attacks and support disruption efforts like 3ve, Methbot, PARETO, and most recently, Scylla,” said HUMAN Vice President of Satori Threat Intelligence and Research Gavin Reid. “We’re looking forward to expanding our investigative power and strengthening our takedown mechanisms to continue safeguarding all of our clients and the industry as a whole.”
To learn more about HUMAN’s acquisition of clean.io, see the joint blog from Tamer Hassan, HUMAN’s CEO and Co-founder and Geoff Stupay, CEO and Co-Founder of clean.io.
HUMAN is a cybersecurity company that safeguards 1,000+ brands from digital attacks including bots, fraud and account abuse. We leverage modern defense—to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.
Founded in 2017, clean.io is a digital engagement security platform that provides businesses with the tools they need to protect their user experiences and brands by controlling the third-party code that executes on their websites. From helping some of the world's largest online publishers to prevent malvertising, to giving e-commerce merchants the ability to block the injection of unwanted discount codes at checkout, clean.io's mission is to ensure that brands truly own and control their most valuable digital assets - their websites. Visit clean.io at www.clean.io.
Ad Tech and Martech
Human Security | September 26, 2022
HUMAN Security, Inc. (formerly White Ops), the global leader in safeguarding enterprises from digital attacks with modern defense, today announced the discovery and disruption of a highly sophisticated fraud operation targeting advertising software development kits (SDKs) within 9 apps on the Apple App Store and 80 Android apps on the Google Play Store, which collectively have been downloaded more than 13 million times. The attack, nicknamed Scylla, is an adaptation of a fraud scheme first observed and disrupted by HUMAN’s Satori Threat Intelligence and Research Team in 2019. While the attack is ongoing and actively being monitored by the Satori team, HUMAN has collaborated with Apple, Google and others to take down the fraudulent apps from their respective app stores.
“Our number one goal is to protect our customers and the digital ecosystem from cybercriminals such as those behind these attacks. The only way we can do this is with modern defense where we can work together across the industry on disruptions like Scylla,” said HUMAN Co-Founder and CEO Tamer Hassan.
“Our number one goal is to protect our customers and the digital ecosystem from cybercriminals such as those behind these attacks. The only way we can do this is with modern defense where we can work together across the industry on disruptions like Scylla,” said HUMAN Co-Founder and CEO Tamer Hassan. “We will continue to remain vigilant for other similar attacks and harness the work of collective protection—where an attack on one is a protection event for all—disrupting the economics of cybercrime. That’s the only way we win. ”
Scylla is the third wave of an operation HUMAN first uncovered in 2019, in which a collection of 40+ Android apps openly committed multiple types of ad fraud. That scheme, nicknamed Poseidon after elements of the code within the apps, was disrupted by the Satori team’s reverse engineering efforts, resulting in Google removing the apps from its Play Store. A 2020 adaptation of the scheme, nicknamed Charybdis after the daughter of Poseidon, incorporated additional code obfuscation and SDK targeting techniques.
Today’s announcement of the disruption of Scylla—named after the granddaughter of Poseidon—reflects a new evolution from the threat actors behind the scheme. While the Poseidon and Charybdis operations centered wholly on Android apps, the Satori team has found evidence that Scylla additionally targets iOS apps and has expanded the attack to other parts of the digital advertising ecosystem.
HUMAN’s Satori team worked closely with the Google Play Store and Apple App Store to ensure all of the apps identified as being associated with the Scylla operation have been removed from public access. HUMAN also closely collaborated with impacted advertising SDK developers to mitigate the impact of the operation to their processes and their advertising partners. Customers of HUMAN’s MediaGuard solution are protected from fraud associated with Scylla and with its predecessors.
Apps within the Scylla operation committed fraud through a variety of tactics, including:
App spoofing, in which the Scylla apps pretended to be other apps for the purpose of digital advertising,
Hidden ads, in which the apps would render advertisements in places a user couldn’t actually see them, and
Fake clicks, in which the apps would keep track of real clicks on advertisements in order to fake additional clicks later.
These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla. This is an ongoing attack, and users should consult the list of apps in the report and consider removing them from all devices. As this attack has evolved multiple times already, the Satori team has withheld certain details about the operation in order to better track and report on further adaptation.
HUMAN verifies the humanity of more than 15 trillion digital interactions per week, offering enterprises a platform with unmatched visibility into fraudulent activity across the Internet. HUMAN achieves this scale through its continued expansion in cybersecurity, including its recent merger with PerimeterX, now offering a suite of products to protect the complete digital customer journey. With new partners and enterprises now able to leverage the Human Defense Platform, comes an even deeper understanding of the cybercrime landscape, enabling HUMAN to adapt continuously, staying ahead of adversaries with modern defense (leveraging internet visibility, network effect, and disruptions), and safeguarding clients with collective protection against threat models they have yet to encounter.
The Satori team used numerous tools to identify Scylla and its operators, whose information has been shared with law enforcement. To learn more about the Scylla operation, visit the HUMAN blog.
HUMAN is a cybersecurity company that safeguards 500+ customers from digital attacks including sophisticated bots, fraud and account abuse. We leverage modern defense—internet visibility, network effect, and disruptions—to enable our customers to increase ROI and trust while decreasing end-user friction, data contamination, and cybersecurity exposure.Today we verify the humanity of more than 15 trillion interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.
the humane society of the united states | October 14, 2016
National Pasteurized Eggs—sold in grocery stores nationwide under the Davidson’s brand—is misrepresenting how its eggs are produced, according to a federal complaint filed by The Humane Society of the United States. The complaint, filed with the Federal Trade Commission, calls for the agency to further investigate potential violations of federal false advertising laws. Davidson’s cartons prominently depict lush open pastures, a red barn and free-roaming hens—despite eggs in those cartons coming from birds permanently locked in cages so tightly they can’t even spread their wings. Contrary to the messaging conveyed on the packaging, these birds never feel sunlight nor touch a blade of grass. (While some Davidson’s eggs are cage-free, even those coming from caged hens are marketed and sold in this deceptive manner.)