Black Hat USA 2025 | No Hoodies Here: Organized Crime in AdTech скачать в хорошем качестве

Black Hat USA 2025 | No Hoodies Here: Organized Crime in AdTech

For nearly a decade, traffic distribution systems (TDSs) have enabled cybercriminals to hide the true nature of their operations. A TDS serves not only to 'cloak' their activity but also to ensure that victims are 'delivered' to the malicious bait they are most likely to take. These systems are so complex that they are often disregarded with off-hand references to 'a bunch of redirects,' but TDSs are critical enablers to a wide range of crime, from scams to information stealers. In this talk, we will unveil the true identity and nature of one of the most pervasive TDS operators in the landscape, which serves as a cautionary tale of how organized crime actors have created an adtech sector unnoticed by the security community. VexTrio operates the oldest documented (dating back to 2015), most prolific criminal TDS. For years, it was assumed that VexTrio was a gang of 'hackers in hoodies' operating in the dark web as part of the underground economy. In reality, VexTrio operates in the corporate world and their activities go far beyond traffic distribution. They run a vast enterprise that includes dozens of companies across adjacent industries (not just adtech) on multiple continents. We'll share how we unraveled their operations and how they responded to coordinated exposure, cementing our confidence in the conclusions. Unmasking VexTrio has been a watershed moment in understanding the role of organized crime within the adtech industry. Numerous other syndicates were discovered as a result, as well as their affiliations with one another. With this new perspective, attendees working in threat intelligence will see TDS in a different light, allowing them to help advance the industry's knowledge and capabilities to fight against malicious adtech. While at the same time, attendees working in defender positions will understand events in their own network better. By: Renée Burton | VP of Threat Intel, Infoblox Dave Mitchell | Senior Director, Threat Intel, Infoblox Christopher Kim | Senior Staff Threat Researcher, Infoblox Full Session Details Available at: https://blackhat.com/us-25/briefings/...