WHAT IS MALICIOUS AUTOMATION? Definition and detection of a new pervasive online attack


INTRODUCTION

In this whitepaper, we will define the problem of malicious automation and examine some of the common tools used to exploit the vulnerability of modern web properties. Furthermore, we will examine why malicious automation is so difficult to detect and mitigate, and explore common targets of these attacks. Finally, we will highlight the significant economic benefits of reducing malicious automation on your web properties.

WHAT IS MALICIOUS AUTOMATION?

Malicious automation attacks are Web/API/Mobile requests sent with malicious intent that evade traditional detection methods. The intent of actors using malicious automation attacks can be:

* Validate a set of leaked user credentials
* Automated password reset
* Bulk fake account creation
* Account scraping and peeking
* Site scraping
* PII theft
* Theft of money, goods and services

Malicious automation thrives on the foundation of recent advancements in cloud and mobile computing. Attackers can easily build campaigns that are highly scalable, extraordinarily efficient, and whose origins and actors are difficult to detect and trace. This transition has fundamentally transformed the underlying dark economy of cyber attackers, causing malicious automated attacks to become ubiquitous across virtually any web-facing functionality in an enterprise.

Contrary to traditional viewpoints, malicious automation has morphed into a highly sophisticated and modern form of attack. Widely available attack tools and custom-formatted attacks can learn and automate the entire flow of a given application, allowing criminals to move efficiently towards their target while hiding in plain sight amongst legitimate human users. Automation occurs in many forms, such as scripts, sophisticated attack tools, or real browser automation tools. All of these are commonly used to launch malicious automation attacks.

The Web/API/Mobile requests generated by these attack tools are syntactically correct, meaning they do not exploit any vulnerability in the application stack and do not trip any alerts in traditional security solutions like IDS/IPS or web application firewalls. Current solutions for APIs are ineffective, and consequently attackers exploit them. Criminals notoriously pursue the attack channel with the least friction, leaving APIs just as vulnerable to malicious automation as traditional web targets.

MALICIOUS AUTOMATION TOOLS

There are a large number of malicious automation tools available on the black market. Most of these are free, although a few are sold for relatively small sums of money, typically via bitcoin.

Sentry MBA is one of the commonly available and widely used black market tools. It's also interesting to note that while the tool itself is free, there is an active black market in the config files that are specific to a particular target site. Typically, these config files sell for 50 (give or take). These config files allow the tool to navigate the unique characteristics of the target URL. When paired with proxy list files and combo lists of stolen credentials, all widely available in underground marketplaces and public sites like Pastebin, Sentry MBA efficiently performs sophisticated malicious automation attacks while requiring little expertise on behalf of the user.

MALICIOUS AUTOMATION TOOLS INCLUDE:

* Sentry MBA
* AccessDiver
* Browser automation tools like Selenium
* Hitman
* AIO Checker
* Vertex
* Perl scripts

THE PROBLEM: WHY IS MALICIOUS AUTOMATION SO HARD TO STOP?

Due to major advancements in cloud computing power and mobile computing, malicious automation is a chronic problem for most enterprises. Earlier, mostly homegrown solutions have proved ineffective in the face of well-established black market tools and advanced criminal organizations.

Examples of solutions that are incapable of effectively detecting or mitigating such attacks include:

* Web Application Firewalls: WAFs won't alert on syntactically correct actions. Since malicious automation is a syntactically correct attack, WAFs provide no detection ability.
* Simple mitigation techniques (IP blocking and rate limiting): Easily fooled by most tools and techniques, whether by rotating IPs, attacking via the low & slow method, or using trusted cloud sources.
* IDS & IPS: These scan a variety of protocols and need to make decisions extremely fast, inevitably missing sophisticated malicious automation attacks. Lack of historical look-back capability prohibits behavioral analysis and deep learning, which are essential for advanced detection.
* According to customer data, these can be defeated by OCR more than 85% of the time and introduce significant user friction and subsequent revenue reduction.

All of the above techniques create significant, revenue-reducing user friction and a false sense of security due to a lack of accurate detection of malicious automation attacks. They negatively affect user experience, introduce latency, and are generally ineffective when scaling up to the enterprise Web.

[Figure: ANATOMY OF AN ACCOUNT TAKEOVER ATTACK. Stolen/leaked credentials (email, password) are submitted to the LOGIN endpoint to reach ACCOUNTS, followed by Value Extraction. Evasion techniques shown: rotate timing; rotate users & devices; rotate user agents & IPs; use cloud providers & open proxies.]
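The two points made above, that per-IP blocking and rate limiting are fooled by rotated IPs and a low & slow cadence, and that detection needs behavioral analysis with historical look-back, can be shown side by side on sample login logs. The following is an added illustration written for this page; it is not code from the whitepaper or from Stealth Security's product. The log format (`<ISO timestamp> <ip> <user-agent token> <username> <OK|FAIL>`), the three constructed traffic windows, and every threshold are assumptions chosen for the demonstration.

```python
"""Toy contrast between per-IP rate limiting and a population-level
credential-stuffing detector. Constructed illustration; log format,
field names and thresholds are assumptions, not the whitepaper's."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Set


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user_agent: str
    username: str
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log line: '<ISO ts> <ip> <ua-token> <username> <OK|FAIL>'."""
    ts, ip, ua, user, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, ua, user, result == "OK")


def per_ip_rate_limit(events: Iterable[LoginEvent], max_attempts: int = 5,
                      window_seconds: int = 60) -> Set[str]:
    """Traditional mitigation: flag an IP once it exceeds max_attempts in a sliding window."""
    window = timedelta(seconds=window_seconds)
    flagged: Set[str] = set()
    recent = defaultdict(list)  # ip -> timestamps still inside the window
    for e in sorted(events, key=lambda ev: ev.ts):
        times = recent[e.ip]
        times.append(e.ts)
        while e.ts - times[0] > window:  # evict timestamps that aged out
            times.pop(0)
        if len(times) > max_attempts:
            flagged.add(e.ip)
    return flagged


@dataclass
class WindowStats:
    attempts: int
    failure_ratio: float             # failed logins / attempts
    distinct_user_ratio: float       # distinct usernames / attempts
    single_shot_source_ratio: float  # (ip, UA) pairs seen exactly once / all pairs


def window_stats(events: List[LoginEvent]) -> WindowStats:
    n = len(events)
    if n == 0:
        return WindowStats(0, 0.0, 0.0, 0.0)
    failures = sum(1 for e in events if not e.success)
    users = len({e.username for e in events})
    sources = Counter((e.ip, e.user_agent) for e in events)
    single = sum(1 for c in sources.values() if c == 1)
    return WindowStats(n, failures / n, users / n, single / len(sources))


def distributed_stuffing_alert(baseline: List[LoginEvent], current: List[LoginEvent],
                               failure_multiplier: float = 2.0,
                               single_shot_min: float = 0.8,
                               min_attempts: int = 20) -> bool:
    """Behavioral detector with historical look-back: alert when the login population
    as a whole shows an elevated failure ratio versus the baseline window, almost every
    attempt targets a different account, and almost every (ip, UA) source is used only
    once, which is what rotated IPs and user agents look like in aggregate."""
    b, c = window_stats(baseline), window_stats(current)
    if c.attempts < min_attempts:
        return False
    elevated = c.failure_ratio >= failure_multiplier * max(b.failure_ratio, 0.05)
    return (elevated and c.distinct_user_ratio >= 0.9
            and c.single_shot_source_ratio >= single_shot_min)


def constructed_logs():
    """Build three constructed windows: normal traffic, a naive single-IP burst, and a
    low-and-slow distributed campaign with a fresh IP/UA pair on every attempt."""
    t0 = datetime(2016, 3, 1, 12, 0, 0)
    baseline = []  # 5 IPs x 4 logins in one minute, 4 of 20 fail (typos etc.)
    for i in range(20):
        ok = "FAIL" if i % 5 == 0 else "OK"
        baseline.append(f"{(t0 + timedelta(seconds=3 * i)).isoformat()} "
                        f"192.0.2.{10 + i % 5} ua-{i % 2} alice{i % 5} {ok}")
    naive = [f"{(t0 + timedelta(seconds=i)).isoformat()} 198.51.100.9 ua-0 bob{i} FAIL"
             for i in range(8)]  # 8 attempts in 8 seconds from one IP
    stuffing = []  # 30 attempts, one every 6 seconds, each from a new IP and UA
    for i in range(30):
        ok = "OK" if i in (5, 17) else "FAIL"  # ~7% hit rate on a leaked combo list
        stuffing.append(f"{(t0 + timedelta(seconds=6 * i)).isoformat()} "
                        f"203.0.113.{i + 1} ua-{i % 7} user{i} {ok}")
    return ([parse_line(l) for l in baseline], [parse_line(l) for l in naive],
            [parse_line(l) for l in stuffing])


if __name__ == "__main__":
    base, naive, stuffing = constructed_logs()
    print("rate limit flags, naive burst:", per_ip_rate_limit(naive))      # {'198.51.100.9'}
    print("rate limit flags, distributed:", per_ip_rate_limit(stuffing))   # set()
    print("behavioral alert, distributed:", distributed_stuffing_alert(base, stuffing))  # True
    print("behavioral alert, baseline:", distributed_stuffing_alert(base, base))          # False
```

The per-IP limiter catches the naive burst and nothing else: every attempt in the distributed window comes from a different address, so each IP stays under any sane threshold. The behavioral detector ignores individual sources and compares the current window with a historical one, which is the look-back capability the section says IDS/IPS lack; in production the baseline would come from hours or days of traffic rather than a single constructed minute.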

THE PROBLEM: WHO IS A TARGET OF MALICIOUS AUTOMATION?

At Stealth Security, we believe that every major e-commerce company needs protection from malicious automation today, and every company transacting online will need it tomorrow. Let's break down a few of the key characteristics and industry verticals of the targets most vulnerable to malicious automation.

CHARACTERISTICS OF A TARGET SITE:

From the perspective of an attacker, the most common characteristics of a target site include:

* Value stored in accounts or on the site in the form of money, reward points, miles, game character value, etc.
* Large populations of user accounts, accessible through the web.
* Valuable data for scraping, like retail item prices, sensitive personal data, ticket prices, and more.

INDUSTRY VERTICALS:

* Retail
* Banking/Finance
* Media
* Gaming
* SaaS
* Healthcare
* Technology
* Travel

[Figure: target characteristics shown as DATA WITH INTRINSIC VALUE, SCRAPABLE DATA and MANY USER ACCOUNTS, reached over WEB, MOBILE & API (login with email and password, account info with bio, email, password and account number, and registration).]

[Figure: ANATOMY OF PII & DATA SCRAPING. Automated registration and account-info requests (bio, email, password, account number) and price data requests feed Data Extraction. Evasion techniques shown: rotate timing; rotate users & devices; rotate user agents & IPs; use cloud providers & open proxies.]

BUSINESS CASE: ECONOMIC BENEFITS OF ELIMINATING MALICIOUS AUTOMATION

The direct economic costs to large enterprises of customer data breaches and abused accounts are well documented. According to a 2015 NuData report, incidents of account takeover jumped 112% in Q1 2015 year-over-year. Additionally, that same report cited that fake account creation fraud increased by >100% in 2015. Consistent with prior reports commissioned by the Federal Reserve in 2013 and LexisNexis in 2014, the cost of account takeover attacks was over 4.7 billion in 2013, affecting >2% of global consumers, and is rising rapidly with an increased volume of attacks.

Stealth Security's leadership believes there are further benefits to detecting and mitigating malicious automation. Malicious automation can wind up constituting a significant percentage of traffic in certain application server pools, up to 80% in some cases, and therefore web and application infrastructure can be significantly overprovisioned. Economically, recapturing this excess capacity can be a worthwhile investment: potentially millions of dollars of infrastructure may be reclaimed for legitimate use. Furthermore, eliminating malicious automation without introducing revenue-reducing user friction points prevents damage to brand reputation and user experience, and the associated economic costs that come with a high user drop-off rate. Likewise, the damage to brand reputation that results from a data breach in the form of malicious automation is in many ways unquantifiable.

For those companies whose core business depends upon the confidentiality, integrity, and availability of customer data, leaving any channel susceptible to attacks like account takeover, fake account creation, theft of value, or PII theft is simply an unacceptable level of risk.

HIDDEN COSTS OF MALICIOUS AUTOMATION

Example: Account Takeover Attack

* SUCCESSFUL ACCOUNT TAKEOVER ATTACKS: An attack campaign typically results in a success rate of 3% - 8%. These compromised accounts amplify the costs of malicious automation through fraud activities.
* FRAUD: Includes chargebacks, cancelled transactions, customer reconciliation efforts, and other attempts to recuperate loss.
* REMAINING ATTACK TRAFFIC: Often consumes 10% - 30% or more of website resources. The vast majority of malicious traffic results in failed fraud attacks but does carry a guaranteed indirect operational cost, regardless of any possible account breaches.
* SUPPORT COSTS: ATOs, fraud, and other account abuse greatly increase customer service contacts, security reviews, and operational changes.
* BRAND DAMAGE: Account abuse, as well as media attention on large-scale attacks, creates low customer retention and adoption (lost customers).

AGGREGATE OPERATIONAL COST: The aggregate operational cost of malicious automation to your enterprise is Network + Infrastructure + Engineering = Operations Costs.

TOTAL INDIRECT COSTS OF MALICIOUS AUTOMATION: Operations Costs + Support Costs + Brand Damage + Fraud = Potential Savings.

CONCLUSION

The economic argument for solving the malicious automation problem highlights the case of criminals using sophisticated and highly reproducible tools to attack the Web/API/Mobile properties of enterprises across all major industries. Because today's solutions are ineffective, criminals have devised many crafty exploits that go undetected by traditional security solutions. That's why Stealth Security is revolutionizing the fight against malicious automation.

Learn more about Stealth Security and our innovative solution, Velocity Manager, at: www.stealthsec.com

Stealth Security, Inc. 2016