With artificial intelligence added into the mix, bots are now able to mimic humans with greater accuracy, and make it look like someone is actually interacting with a form on a web page, creating a greater fraud risk.
The cybercrime economy is estimated to reap $1.5 trillion in profits a year, according to a Bromium/Ponemon study. Those profits are in part achieved by bots and botnets, the automated workers of the internet.
Bots are expected to account for more than 50% of all internet traffic by the end of the year. With 1.9 billion records exposed during the first three months of 2019, not counting the 275 million records recently exposed on the internet, there is a tidal wave of personal information for cybercriminals to launch nonstop credential stuffing and brute force attacks.
The aim of these attacks is to utilize exposed personal information and credentials to access existing accounts, as well as create new online accounts, to steal money, goods and services, and rewards points.
Research from NuData Security shows that 50% of logins to customer portals in the retail sector alone during the 2018 holidays were fraudulent, and thus far in 2019 fraudulent logins have made up at least half of the total recorded traffic. There was also a noted increase of 115% in botnet attack behavior and a 388% increase in spoofed behavior from cloud-hosted IPs, which shows that attackers are increasingly using cloud-hosted services to bypass known networks to execute their mass-scale attacks.
Many organizations have instituted a wide variety of anti-bot solutions in this epic battle to block the bots. However, cybercriminals are employing new, sophisticated techniques in an attempt to get around the latest technologies. While organizations are being blasted with bot attacks like credential stuffing and brute force attacks, they are missing the low and slow bot attempts that are cloaked behind the massive attacks that divert attention and resources. They are also spending large amounts of money on technology infrastructure to service this zero-value attack traffic.
The arsenal for bad actors includes spoofing cookies, devices, geolocations, providers and more, along with the delivery of obfuscated code. While server-side scripting is more easily spotted, injecting malicious code through APIs is much more difficult to identify. Abusing aggregator services that allow consumers to view multiple financial accounts from different institutions on one page lets bad actors test and take over accounts without breaking a sweat.
