Understanding the Tactics, Techniques and Procedures (TTPs) used by cybercriminals to execute an attack requires an ongoing analysis of the respective tools, infrastructure, credentials and behavior, or what we define as our Four Pillars of Detection framework. This framework is used to answer the following questions:
The threat research into the Four Pillars of an attack will provide valuable insights that will enhance your ability to detect and defend against these sophisticated attacks.
An essential for automated business logic abuse such as account takeovers and fake account creation, cybercriminals need either legitimate and compromised, or fake credentials to carry out these attacks. The credentials research focuses on where the credentials come from, and how they are used in these attacks.
The most basic components of these type of attacks, the tools research focuses on the heuristics of the immutable characteristics of the code launching the attack. Increasingly, customized, one-off tools are being replaced by commercially available tools, making it easier to launch common attacks, yet more difficult for novice users to create sophisticated attacks.
An essential resource that bad actors need to anonymize themselves and distribute/randomize their attack with the end goal of appearing to initiate “legitimate” application transactions. By correlating data across a wide range of customers with a variety of attack types, our research will expose any distinct infrastructure usage patterns.
The heart of automated bot attacks, behavior represents the unique fingerprint of a cybercriminal that is using tools, infrastructure and credentials to launch the attack. Much of our research into “bot behavior” actually deals with the human element of automated bot attacks and how the cybercriminal responds to mitigation, friction or any kind of defensive action.
Gain valuable insight into how automated attacks operate and how you can prevent them.
The last Tales from the Frontlines post focused on a single customer and the attack volume increase they experienced following the COVID-19 lockdown. In this installment, we will look at the increasingly sophisticated game of cat and mouse defenders are playing with attackers, including high-volume diversionary tactics commonly used as
This blog will describe how account takeovers (ATO) can be executed against APIs using GET methods, as opposed to POST. It's an excellent example of how bad actors will analyze an application to uncover potential attack vectors. A Brief Primer on GET and POST The GET method allows you to fetch
The concept of Bulletproof Hosting is relatively well known in the security universe. These services allow customers to upload and distribute malware, illegal pornography, manage phishing sites, and host other well-known security threats. From the perspective of an attacker, a good Bulletproof Hosting service will: Provide anonymity and protection from
Check out this short webinar on preventing ATOs that may lead to financial fraud.
