Attackers are adapting and evolving to give themselves the best chances for success when they commit account takeover or other fraudulent attacks, often attempting to work around bot-detection tools to enable greater efficiency with automated attacks.
A recent report titled
There are some key differences between basic and sophisticated attacks. A basic attack focuses on high volume rather than quality. Basic attacks don’t attempt to emulate user behavior or browser interactions, nor do they typically execute JavaScript. Sophisticated attacks, however, will show lower volume in many cases but attempt to emulate user behavior. Sophisticated attacks will also display expected browser or application behavior and run scripts in the environment to create human-like interactions.
Sophisticated bot-detection tools, improved Captchas, and other technologies that mitigate automation are making it very difficult for bad actors to succeed in their schemes, forcing them to look at foolproof alternatives that bypass these bot challenges, particularly when targeting high-value accounts such as financial accounts or merchant accounts with stored value.
Sophisticated attacks seem to be the solution to getting around these automation-mitigation techniques. These smart attacks work by using techniques that mimic human behavior and, by doing so, reduce the chances of being detected by bot-detection tools. Their attack patterns can include the use of the keyboard to type user information – a script doesn’t need to use a keyboard to type, but it can be programmed to do so in order to seem human. Additionally, by using irregular keystrokes and random pauses, scripts can further imitate human behavior. Lastly, sophisticated attacks will often use fake IP and location combinations that match (e.g., an IP that belongs to an area in New York and a location that also points to New York) in order to fool bot-detection tools which flag IP and location combinations that do not match.
Attackers will often use randomized IPs and locations in order to keep costs to a minimum; however, by making sure the two variables match, the attack is far less likely to be detected.
In addition, attackers are also increasing the use of human workers to attack high-value accounts by using human farms where workers are paid to type out the required information on a device in order to bypass any bot mitigation challenges. The farms often pop up in developing countries and are paid by completed task, which could be a completed login, a posted review or a new account creation. These types of attacks are reported to be up by 330% in 2019, representing an enormous increase and a veritable concern for organizations of all sizes.
Because of the nature of sophisticated, human-driven attacks, they are lower in number, making the danger seem less threatening. However, the human element increases their attack’s chances to succeed, bypassing traditional security solutions. Some cybercriminal groups are extremely fluid, and the combination of humans and bots has become somewhat of a norm, posing a significant risk.
In order for organizations to protect against both basic and sophisticated attacks, it’s vital that companies take a holistic approach when it comes to cybersecurity, utilizing solutions that can detect different behaviors such as automated behavior, unusual human-like behavior, device recognition and low reputation information, such as IP addresses used as part of fraud attacks in the past.
Organizations should also employ tools that increase visibility into cyberattacks and red-flag unusual activity and behavior. For example, device intelligence can help detect fraudulent sub-populations. Rules and policies are also a key security layer. Security leaders need to ensure that the good customer’s behavior is accounted for when creating automated processes with their security tools, so that they don’t encounter additional barriers. There is no one approach when it comes to running a secure business, making it essential to have rules policies tailored to meet each organization’s specific needs.
As the cyber-threat landscape evolves, so must the solutions used to detect and prevent them.