Threat Research Strategy

Understanding the Tactics, Techniques and Procedures (TTPs) that cybercriminals use to execute an attack requires ongoing analysis of the tools, infrastructure, credentials and behavior behind it, which is what we define as our Four Pillars of Detection framework. The framework is used to answer the following questions:

  • What are my adversary’s goals?
  • What does my adversary need to accomplish those goals?
  • Who is my adversary, what resources do they have and how determined are they?
  • What should my strategy be to mitigate my adversary?

Threat research into each of the Four Pillars of an attack provides insights that improve your ability to detect and defend against these sophisticated attacks.

Four Pillars of Detection

Credentials

Credentials are essential to automated business logic abuse such as account takeover and fake account creation: cybercriminals need either legitimate but compromised credentials, or fabricated ones, to carry out these attacks. Our credentials research focuses on where the credentials come from and how they are used in these attacks.

Tools

Tools are the most basic component of these types of attacks. Our tools research focuses on heuristics built from the immutable characteristics of the code that launches the attack. Increasingly, customized, one-off tools are being replaced by commercially available ones, which makes it easier to launch common attacks, yet harder for novice users to create sophisticated ones.

Infrastructure

Infrastructure is an essential resource that bad actors use to anonymize themselves and to distribute and randomize their attack, with the end goal of appearing to initiate "legitimate" application transactions. By correlating data across a wide range of customers and a variety of attack types, our research exposes distinct infrastructure usage patterns.

Behavior

Behavior is the heart of automated bot attacks: it is the unique fingerprint of a cybercriminal who is using tools, infrastructure and credentials to launch the attack. Much of our research into "bot behavior" actually deals with the human element of automated bot attacks and how the cybercriminal responds to mitigation, friction or any other kind of defensive action.

Recent Threat Research

Gain valuable insight into how automated attacks operate and how you can prevent them.

5 November 2019
Tales from the Front Lines: A Long Weekend Ruined for Whom?

Automated bot attacks differ from other types of cyber-attacks in several ways. First, they are difficult to defend against because they appear to be legitimate uses of the public-facing application business logic (e.g., login, account sign-up, browse, shop, check out, etc.), and blocking the seemingly

1 October 2019
Prying-Eye Vulnerability: Direct-to-API Enumeration Attack Enables Snooping

The Prying-Eye vulnerability is an example of an enumeration attack that targets web conferencing APIs with a bot that cycles through (enumerates) and discovers valid numeric meeting IDs. If the common user practice of disabling security functionality or not assigning a password is followed, then the bad actor would be

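As an added example (not Cequence's code and not taken from the Prying-Eye research itself), the Python below sketches the behavioral check that catches a direct-to-API ID sweep like the one described: a single source probing many distinct numeric meeting IDs and mostly missing, while a legitimate client that already knows its meeting ID succeeds on the first request. The log format, endpoint path, sample traffic and thresholds are all assumptions made for the example.

```python
"""Flag sources that sweep a numeric-ID API endpoint (ID enumeration).

Added example; log format, endpoint path and thresholds are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample access-log lines (not real traffic). Assumed format:
#   <client_ip> <method> <path> <status>
# One source walks consecutive meeting IDs and mostly misses; one joins a
# meeting it already knows; one mistypes an ID once and retries.
SAMPLE_LOG = """\
203.0.113.7 GET /api/v1/meetings/100000001 404
203.0.113.7 GET /api/v1/meetings/100000002 404
203.0.113.7 GET /api/v1/meetings/100000003 200
203.0.113.7 GET /api/v1/meetings/100000004 404
203.0.113.7 GET /api/v1/meetings/100000005 404
203.0.113.7 GET /api/v1/meetings/100000006 404
203.0.113.7 GET /api/v1/meetings/100000007 404
203.0.113.7 GET /api/v1/meetings/100000008 404
198.51.100.23 GET /api/v1/meetings/472910385 200
198.51.100.23 POST /api/v1/meetings/472910385/join 200
192.0.2.44 GET /api/v1/meetings/881203377 404
192.0.2.44 GET /api/v1/meetings/881203377 404
192.0.2.44 GET /api/v1/meetings/881203378 404
"""

# Only the bare lookup endpoint counts as a probe (assumed path shape).
LOOKUP_RE = re.compile(r"^(\S+) GET /api/v1/meetings/(\d+) (\d{3})$")


def parse_log(text):
    """Return [(client_ip, meeting_id, status)] for meeting-lookup requests."""
    events = []
    for line in text.splitlines():
        m = LOOKUP_RE.match(line)
        if m:
            ip, meeting_id, status = m.groups()
            events.append((ip, int(meeting_id), int(status)))
    return events


def analyse(events, min_distinct=5, max_hit_rate=0.5):
    """Per-source enumeration metrics.

    A source is flagged when it probes at least `min_distinct` different IDs
    and at most `max_hit_rate` of its probes succeed (HTTP 200): a legitimate
    client knows its meeting ID, a bot guessing IDs mostly misses.
    `sequential_ratio` is a secondary signal: 1.0 means every gap between
    the distinct IDs probed is exactly 1 (a linear walk). A randomized sweep
    scores low here but is still caught by the volume and hit-rate test.
    """
    per_ip = defaultdict(list)
    for ip, meeting_id, status in events:
        per_ip[ip].append((meeting_id, status))

    findings = {}
    for ip, probes in per_ip.items():
        distinct = sorted({mid for mid, _ in probes})
        hits = sum(1 for _, status in probes if status == 200)
        hit_rate = hits / len(probes)
        gaps = [b - a for a, b in zip(distinct, distinct[1:])]
        sequential_ratio = sum(1 for g in gaps if g == 1) / len(gaps) if gaps else 0.0
        findings[ip] = {
            "probes": len(probes),
            "distinct_ids": len(distinct),
            "hit_rate": round(hit_rate, 3),
            "sequential_ratio": round(sequential_ratio, 3),
            "flagged": len(distinct) >= min_distinct and hit_rate <= max_hit_rate,
        }
    return findings


def sweep_sources(text, **thresholds):
    """Client IPs in `text` whose traffic looks like an ID sweep, sorted."""
    findings = analyse(parse_log(text), **thresholds)
    return sorted(ip for ip, f in findings.items() if f["flagged"])


if __name__ == "__main__":
    for ip, f in analyse(parse_log(SAMPLE_LOG)).items():
        print(ip, f)
    print("sweep sources:", sweep_sources(SAMPLE_LOG))
```

Grouping by client IP is the simplest key and is enough for the sample, but it is exactly what the infrastructure pillar warns about: an attacker rotating through a proxy pool spreads the same sweep across many addresses, so each one stays under `min_distinct`. In practice the same aggregation should be keyed on a session token, device or tool fingerprint, or on the probed ID range itself, and the thresholds tuned against the endpoint's normal miss rate.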
31 July 2019
Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

The concept of Bulletproof Hosting is relatively well known in the security universe. These services allow customers to upload and distribute malware, illegal pornography, manage phishing sites, and host other well-known security threats. From the perspective of an attacker, a good Bulletproof Hosting service will: Provide anonymity and protection from


Stop ATO in 15 Minutes

Check out this short webinar on preventing ATOs that may lead to financial fraud.