Posted February 29, 2016
If you asked the CEO of a small business what his primary concerns were, how often would botnet detection top the list? Yet organized fraud attacks continue to increase in severity and persistence, and emerging businesses must beware. A year or two ago, emerging businesses may have been thinking about how to detect isolated fraudsters from their database of great customers. 2016 could be the year when in fact we ask: how do we detect the goodies from the sea of baddies?
It’s a pretty dire thought, but as organized fraud attacks become larger and more relentless, they have the power to fell a new business in one swipe of their Trojan sword. Businesses must ask themselves: could we survive a security breach? What damage could our data do in the hands of a cybercriminal? Data is precious, customer trust even more so. Business success may boil down to the effectiveness of fraud defenses.
The botnet army
One particularly worrying trend for new businesses is the relentless evolution of bot attacks. Bots and their networked counterparts, botnets, are the malicious army of the cybercrime world. They’re typically a series of computers infected with malware that are controlled by hackers to run huge, networked automated tasks. ThreatMetrix has seen a worrying rise in botnet attacks over the last year – we detected 230 million attacks in Q4 alone.
Botnets are used to:
It’s these types of attacks that should put new businesses on high alert. They spend much of their first year investing in acquisition; building up a loyal database of great customers. An automated attack could be devastating. Although a DDoS attack may quickly disable a website, other types of botnet attacks could actually be worse.
Suppose a botnet strikes, creating new accounts with stolen credentials. How could a new business detect whether the 100 new accounts added to their database are legitimate? For a fledgling start-up, every new customer is incredibly valuable. What impact could a large volume of fraudulent new accounts have on overall business success? Or what if the attack was an automated identity testing session that hacked into existing customer accounts and stole sensitive credentials? Customer trust is hard fought and hard won. Would it be irreparably damaged?
Organized botnet attacks are clever and unforgiving. They are looking for the next easy target and a new business may well be it. Perhaps the focus should not simply be about acquiring new customers, or even about keeping the fraudsters out, but actually detecting who the good customers are among the onslaught of automated attacks.
The botnet disguise
Fraudsters are compounding the problem by adjusting their botnet attack patterns to mimic usual customer behavior: low and slow tactics rather than high volume / high frequency. This manages to bypass traditional web application firewall (WAF) solutions that would detect high volume DoS attacks.
The problem is that WAFs were designed to prevent attacks against Web services – not those on customer identity. As a result, they rely heavily upon IP Reputation services and IP velocity filters to detect bots. This method has been proven ineffective against bots that rotate IP addresses and have access to previously leaked user credentials, often from another site, enabling them to fly under the radar.
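The gap described above, as an added example that is not part of the original post and not ThreatMetrix's method: a per-IP velocity rule and a site-wide failure check run over the same constructed login events. The event layout, the thresholds and the site-wide rule itself are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 3600           # seconds per analysis window
IP_LIMIT = 10           # assumed per-IP velocity threshold (attempts per window)
SITE_FAIL_RATIO = 0.5   # assumed site-wide failure-ratio threshold
SITE_MIN_ACCOUNTS = 20  # assumed minimum number of distinct failing accounts

def make_events():
    """Constructed sample: (epoch_seconds, source_ip, account, success)."""
    events = []
    # 30 ordinary customers, one successful login each, spread over the hour
    for i in range(30):
        events.append((i * 100, f"198.51.100.{i + 1}", f"customer{i}", True))
    # Low-and-slow bot traffic: one attempt per minute, each from a different
    # address and against a different account, nearly all failing
    for i in range(60):
        events.append((i * 60, f"203.0.113.{i + 1}", f"leaked{i}", i % 20 == 0))
    return sorted(events)

def ip_velocity_alerts(events):
    """IP velocity filter: flag any IP over IP_LIMIT attempts in one window."""
    counts = Counter((ts // WINDOW, ip) for ts, ip, _, _ in events)
    return sorted(ip for (_, ip), n in counts.items() if n > IP_LIMIT)

def site_wide_alerts(events):
    """Per window, measure failures across all sources instead of per IP."""
    windows = defaultdict(lambda: {"total": 0, "failed": 0, "accounts": set()})
    for ts, _, account, ok in events:
        w = windows[ts // WINDOW]
        w["total"] += 1
        if not ok:
            w["failed"] += 1
            w["accounts"].add(account)
    alerts = []
    for win, w in sorted(windows.items()):
        ratio = w["failed"] / w["total"]
        if ratio >= SITE_FAIL_RATIO and len(w["accounts"]) >= SITE_MIN_ACCOUNTS:
            alerts.append((win, round(ratio, 2), len(w["accounts"])))
    return alerts

if __name__ == "__main__":
    ev = make_events()
    print("per-IP velocity alerts:", ip_velocity_alerts(ev))
    print("site-wide alerts (window, fail ratio, accounts):", site_wide_alerts(ev))
```

Because every address in the sample makes a single attempt, the per-IP rule returns nothing, while the aggregate view shows one window with a high failure ratio spread across many accounts.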
Fighting clever tactics with the power of shared intelligence
The good news for business owners is that by leveraging the power of shared global intelligence, botnets can be stopped in their tracks. ThreatMetrix offers the following key solutions: