Four Pillars of Detection Framework

Tools

Tools represent the most basic components of these types of attacks. The research surrounding this detection pillar focuses on heuristics that deal with the immutable characteristics of the code launching the attack or, increasingly, the characteristics of off-the-shelf tools that are difficult for novice attackers to change.

Infrastructure

Simply put, Infrastructure represents an essential resource that bad actors need to anonymize themselves and distribute/randomize their attack with the end goal of appearing to initiate “legitimate” application transactions. By correlating data across a wide range of customers with a variety of attack types, our research will expose any distinct infrastructure usage patterns.

Credentials

Credentials are essential for automated business logic abuse. Simply put, bad guys need user accounts – either legitimate and compromised, or fake – to carry out these attacks. Our research surrounding the Credentials detection pillar will rise above the typical “high volume breach” signal noise, instead focusing on where the credentials come from, and how they are used in automated attacks.

Behavior

Behavior cuts right to the heart of automated bot attacks, as it represents the unique fingerprint of a bad actor when using Tools, Infrastructure and Credentials to launch the attack. Much of our research into “bot behavior” actually deals with the human element of automated bot attacks and how the human operators respond to mitigation, friction or any kind of defensive action.

Blogs

Bulletproof Proxies

July 29, 2019

Threat Research Reports

Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

A research report on the underground infrastructure that facilitates malicious bot attacks.