Threat Research Strategy


Understanding the Tactics, Techniques and Procedures (TTPs) cybercriminals use to execute an attack requires ongoing analysis of the tools, infrastructure, credentials and behavior involved, which is what we define as our Four Pillars of Detection framework. The framework is used to answer the following questions:

  • What are my adversary’s goals?
  • What does my adversary need to accomplish those goals?
  • Who is my adversary, what resources do they have and how determined are they?
  • What should my strategy be to mitigate my adversary?

Threat research into the Four Pillars of an attack provides insights that improve your ability to detect and defend against these sophisticated attacks.

Four Pillars of Detection

Credentials

Credentials are essential to automated business logic abuse such as account takeover and fake account creation: cybercriminals need either legitimate (compromised) credentials or fake ones to carry out these attacks. The credentials research focuses on where those credentials come from and how they are used in these attacks.

Tools

Tools are the most basic component of these attacks; the tools research focuses on heuristics derived from the immutable characteristics of the code launching the attack. Increasingly, customized one-off tools are being replaced by commercially available ones, which makes it easier to launch common attacks, yet more difficult for novice users to create sophisticated attacks.

Infrastructure

Infrastructure is the resource bad actors rely on to anonymize themselves and to distribute and randomize their attack traffic, with the end goal of appearing to initiate "legitimate" application transactions. By correlating data across a wide range of customers and a variety of attack types, our research exposes distinct infrastructure usage patterns.

Behavior

Behavior is the heart of automated bot attacks: it is the unique fingerprint of a cybercriminal using tools, infrastructure and credentials to launch the attack. Much of our research into "bot behavior" actually deals with the human element of automated bot attacks, namely how the cybercriminal responds to mitigation, friction or any other defensive action.

Recent Threat Research

Gain valuable insight into how automated attacks operate and how you can prevent them.

4 June 2020
Tales from the Frontlines: Increasingly Sophisticated Cat and Mouse Games  

The last Tales from the Frontlines post focused on a single customer and the attack volume increase they experienced following the COVID-19 lockdown. In this installment, we will look at the increasingly sophisticated game of cat and mouse defenders are playing with attackers, including high-volume diversionary tactics commonly used as

8 June 2020
Tales from the Front Lines: Attackers Target APIs with GET-Based ATOs 

This blog will describe how account takeovers (ATO) can be executed against APIs using GET methods, as opposed to POST. It's an excellent example of how bad actors will analyze an application to uncover potential attack vectors. A Brief Primer on GET and POST The GET method allows you to fetch
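The point of the post above is that a login endpoint reached over GET carries its credentials in the query string, which is exactly where defenders can look for it. The following is an added example, not code from the original page or from the vendor: it runs a small detector over constructed access-log lines, flags GET requests to an authentication path that carry credential-like query keys, and reports sources that cycle through many distinct usernames. The log format, the `AUTH_PATHS` set and the `CREDENTIAL_KEYS` set are assumptions to be tuned to the application under review.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the original page). Format:
# <client_ip> <method> <path_with_query> <status>
SAMPLE_LOG = """\
203.0.113.10 GET /api/v1/login?username=alice&password=REDACTED 200
203.0.113.10 GET /api/v1/login?username=bob&password=REDACTED 401
203.0.113.10 GET /api/v1/login?username=carol&password=REDACTED 401
198.51.100.7 POST /api/v1/login 200
198.51.100.7 GET /api/v1/profile?id=42 200
203.0.113.10 GET /api/v1/login?user=dave&pass=REDACTED 401
"""

# Hypothetical configuration: which paths count as authentication endpoints and
# which query keys look like credentials. Tune both to the application under review.
AUTH_PATHS = {"/api/v1/login"}
CREDENTIAL_KEYS = {"username", "user", "email", "password", "pass", "pwd"}
USERNAME_KEYS = ("username", "user", "email")

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")


def parse_line(line):
    """Parse one log line into a dict with ip, method, path, query and status; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def is_get_credential_attempt(rec):
    """True when an auth endpoint is hit with GET and credential-like keys appear in the query string."""
    return (rec["method"] == "GET"
            and rec["path"] in AUTH_PATHS
            and bool(CREDENTIAL_KEYS & set(rec["query"])))


def summarize(log_text):
    """Return {ip: {"attempts": n, "distinct_users": set}} for GET-based credential attempts only."""
    summary = defaultdict(lambda: {"attempts": 0, "distinct_users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_get_credential_attempt(rec):
            continue
        entry = summary[rec["ip"]]
        entry["attempts"] += 1
        for key in USERNAME_KEYS:
            for value in rec["query"].get(key, []):
                entry["distinct_users"].add(value)
    return dict(summary)


def flag_sources(summary, min_distinct_users=3):
    """Sources cycling through many distinct usernames over GET are the ones worth a closer look."""
    return sorted(ip for ip, e in summary.items() if len(e["distinct_users"]) >= min_distinct_users)


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, entry in result.items():
        print(ip, entry["attempts"], sorted(entry["distinct_users"]))
    print("flagged:", flag_sources(result))
```

Because the query string is typically recorded in access logs and proxy logs (where a POST body usually is not), this check can run against existing logs; it also doubles as a reminder that credentials in a GET query string end up in those same logs and should not be accepted by the endpoint in the first place.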

31 July 2019
Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

The concept of Bulletproof Hosting is relatively well known in the security universe. These services allow customers to upload and distribute malware, illegal pornography, manage phishing sites, and host other well-known security threats. From the perspective of an attacker, a good Bulletproof Hosting service will: Provide anonymity and protection from


Stop ATO in 15 Minutes

Check out this short webinar on preventing ATOs that may lead to financial fraud.