Understanding the Tactics, Techniques and Procedures (TTPs) used by cybercriminals to execute an attack requires an ongoing analysis of the respective tools, infrastructure, credentials and behavior, or what we define as our Four Pillars of Detection framework. This framework is used to answer the following questions:
The threat research into the Four Pillars of an attack will provide valuable insights that will enhance your ability to detect and defend against these sophisticated attacks.
Credentials are essential for automated business logic abuse such as account takeovers and fake account creation: cybercriminals need either legitimate but compromised credentials or fake ones to carry out these attacks. The credentials research focuses on where the credentials come from and how they are used in these attacks.
Tools are the most basic components of these types of attacks. The tools research focuses on the heuristics of the immutable characteristics of the code launching the attack. Increasingly, customized, one-off tools are being replaced by commercially available tools, making it easier to launch common attacks, yet more difficult for novice users to create sophisticated attacks.
Infrastructure is an essential resource that bad actors need to anonymize themselves and distribute or randomize their attack, with the end goal of appearing to initiate “legitimate” application transactions. By correlating data across a wide range of customers with a variety of attack types, our research will expose any distinct infrastructure usage patterns.
The heart of automated bot attacks, behavior represents the unique fingerprint of a cybercriminal who is using tools, infrastructure and credentials to launch the attack. Much of our research into “bot behavior” actually deals with the human element of automated bot attacks and how the cybercriminal responds to mitigation, friction or any kind of defensive action.
Gain valuable insight into how automated attacks operate and how you can prevent them.
Automated bot attacks are a bit different than other types of cyber-attacks in several ways. First, these attacks are difficult to defend against because they appear to be legitimate uses of the public-facing application business logic (e.g., login, account sign up, browse, shop, check out, etc.), and blocking the seemingly
The Prying-Eye vulnerability is an example of an enumeration attack that targets web conferencing APIs with a bot that cycles through (enumerates) and discovers valid numeric meeting IDs. If the common user practice of disabling security functionality or not assigning a password is followed, then the bad actor would be
The concept of Bulletproof Hosting is relatively well known in the security universe. These services allow customers to upload and distribute malware, illegal pornography, manage phishing sites, and host other well-known security threats. From the perspective of an attacker, a good Bulletproof Hosting service will: Provide anonymity and protection from