Automated Fraud

•

0 gefällt mir•229 views

A presentation I gave at FraudCon on June 28 2017, an event which was part of CyberWeek Israel. Discussing automated fraud in the hands of attackers against commerce websites, and some ways to fight them back.

Internet

-
-
-
-
- Account takeover and abuse
- Price and content scraping
- DDOS
- Ad fraud
What are bots?
2

Bot evolution: bots are evolving rapidly
Gen 4 Bots - Infected Users
Hijacked Browsers, Fake Extensions
Gen 3 Bots - Headless Browsers
Javascript, Cookies, Engine Automation
Gen 2 Bots - Scripts + State
No Javascript, Cookies
Gen 1 Bots - Scripts
No Javascript, No Cookies

5
The Attack Vector
BOT ATTACK
ATO attack
8% Success (varies
based on database)
Yahoo! 1B
MySpace 360M
LinkedIn 164M
Adobe 153M
Badoo 112M
VK 93M
Dropbox 69M
Tumblr 65M
Mod Bus Soln 59M
Login databases stolen
100K accounts / $10
Validated account ~$3
Site fraud
BOT ATTACK
▪
▪
▪

6
They come in large numbers...
Botnet Attack
▪
▪
▪
▪ 77% of this attack
would go unnoticed
by volumetric
detection

7
… and from everywhere
Gen 2 Bots
No Javascript, Cookies
IoT Device Attack
▪
▪
▪
▪

Basic techniques
10
▪ Support multi-factor-authentication
▪ Encrypt or hash stored credentials
▪ Have good password practices
Don’t be one these guys
http://badpasswordpolicies.tumblr.com/

Monitor correctly
▪ Separate API from website – different endpoint URL
▪ Monitor logins for anomalies and spikes
▪ Lookup suspicious user-agents in github (and not just google)
http://mstajbakhsh.github.io/Microbot/
11

Detect
12
▪ Validate user is running javascript
▪ Validate a cookie
▪ Device fingerprint (https://github.com/Valve/fingerprintjs2)
▪ Track legitimate flow

Recommended resources
▪ Have I been Pwned by Troy Hunt - https://haveibeenpwned.com/
▪ Biggest breaches -
http://www.informationisbeautiful.net/visualizations/worlds-biggest-da
ta-breaches-hacks/
▪ Detection labs - https://github.com/PerimeterX/bot-tools
▪ Device Fingerprinting - https://github.com/Valve/fingerprintjs2)

Empfohlen

Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상Jean Ryu

Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Hacken_Ecosystem

Log Stealers - Shopping time for Threat Actors!Speck&Tech

What is Cryptojacking and How Can I Protect Myself?Global Knowledge Training

How the BOTS Act Impacts Premium Onsales and the Ticketing Industry EcosystemDistil Networks

How To Protect Your Website From Bot AttacksLondon School of Cyber Security

Rtp rsp16-distil networks-final-deckG3 Communications

Forensic And Cloud ComputingMitesh Katira

Empfohlen

Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상Jean Ryu

Pedro Fortuna - Protecting Crypto Exchanges From a New Wave of Man-in-the-Bro...Hacken_Ecosystem

Log Stealers - Shopping time for Threat Actors!Speck&Tech

What is Cryptojacking and How Can I Protect Myself?Global Knowledge Training

How the BOTS Act Impacts Premium Onsales and the Ticketing Industry EcosystemDistil Networks

How To Protect Your Website From Bot AttacksLondon School of Cyber Security

Rtp rsp16-distil networks-final-deckG3 Communications

Forensic And Cloud ComputingMitesh Katira

StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...G3 Communications

EC Council - Botnet BriefingsAditya K Sood

Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng

Union of bitcoin and APIsBBVA API Market

Cryptojacking - by Vishwaraj101v_raj

HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...Hackito Ergo Sum

Rise of the Autobots: Into the Underground of Social Network BotsTom Eston

The Quiet Rise of Account TakeoverIMMUNIO

Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica

How bots impact major onsales [Webinar]Queue-it

Distil Network Sponsor Presentation at the Property Portal Watch Conference -...Property Portal Watch

DataDome's winning deck for 2019 FIC (Cybersecurity International Forum) "Pri...DataDome

Are Bot Operators Eating Your Lunch?Distil Networks

From russia final_bluehat10F _

OLX Ventures blockchain perspective, Feb 2018Dobo Radichkov

Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24

Web SecurityBharath Manoharan

The ultimate guide to mining bitcoin with cryptotabSaid Dhaouadi

CryptoCurrency CashOutrodmister

Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Distil Networks

Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy

Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney

Weitere ähnliche Inhalte

Ähnlich wie Automated Fraud

StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...G3 Communications

EC Council - Botnet BriefingsAditya K Sood

Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng

Union of bitcoin and APIsBBVA API Market

Cryptojacking - by Vishwaraj101v_raj

HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...Hackito Ergo Sum

Rise of the Autobots: Into the Underground of Social Network BotsTom Eston

The Quiet Rise of Account TakeoverIMMUNIO

Leveraging Honest Users: Stealth Command-and-Control of BotnetsDiogo Mónica

How bots impact major onsales [Webinar]Queue-it

Distil Network Sponsor Presentation at the Property Portal Watch Conference -...Property Portal Watch

DataDome's winning deck for 2019 FIC (Cybersecurity International Forum) "Pri...DataDome

Are Bot Operators Eating Your Lunch?Distil Networks

From russia final_bluehat10F _

OLX Ventures blockchain perspective, Feb 2018Dobo Radichkov

Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24

Web SecurityBharath Manoharan

The ultimate guide to mining bitcoin with cryptotabSaid Dhaouadi

CryptoCurrency CashOutrodmister

Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...Distil Networks

Ähnlich wie Automated Fraud (20)

StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...

EC Council - Botnet Briefings

Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...

Union of bitcoin and APIs

Cryptojacking - by Vishwaraj101

HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...

Rise of the Autobots: Into the Underground of Social Network Bots

The Quiet Rise of Account Takeover

Leveraging Honest Users: Stealth Command-and-Control of Botnets

How bots impact major onsales [Webinar]

Distil Network Sponsor Presentation at the Property Portal Watch Conference -...

DataDome's winning deck for 2019 FIC (Cybersecurity International Forum) "Pri...

Are Bot Operators Eating Your Lunch?

From russia final_bluehat10

OLX Ventures blockchain perspective, Feb 2018

Outpost24 webinar - A fresh look into the underground card shop ecosystem

Web Security

The ultimate guide to mining bitcoin with cryptotab

CryptoCurrency CashOut

Field Guide To Preventing Competitor Price Scraping, Unwanted Transactions, B...

Kürzlich hochgeladen

Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy

Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg

Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney

Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156

一比一原版田纳西大学毕业证如何办理F

Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156

Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2

pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1

"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids

APNIC Updates presented by Paul Wilson at ARIN 53APNIC

20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair

Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos

Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...meghakumariji156

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC

Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515

Meaning of On page SEO & its process in detail.krishnachandrapal52

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156

2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou

Kürzlich hochgeladen (20)

Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls

Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...

Call girls Service in Ajman 0505086370 Ajman call girls

Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room

一比一原版田纳西大学毕业证如何办理

Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia

Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf

"Boost Your Digital Presence: Partner with a Leading SEO Agency"

APNIC Updates presented by Paul Wilson at ARIN 53

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Best SEO Services Company in Dallas | Best SEO Agency Dallas

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样

Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...

Meaning of On page SEO & its process in detail.

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil

2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs

Automated Fraud

1. Automated Fraud June 28th 2017

2. - - - - - Account takeover and abuse - Price and content scraping - DDOS - Ad fraud What are bots? 2

3. Bot evolution: bots are evolving rapidly Gen 4 Bots - Infected Users Hijacked Browsers, Fake Extensions Gen 3 Bots - Headless Browsers Javascript, Cookies, Engine Automation Gen 2 Bots - Scripts + State No Javascript, Cookies Gen 1 Bots - Scripts No Javascript, No Cookies

4. Websites are the new bank ▪ ▪ ▪ ▪

5. 5 The Attack Vector BOT ATTACK ATO attack 8% Success (varies based on database) Yahoo! 1B MySpace 360M LinkedIn 164M Adobe 153M Badoo 112M VK 93M Dropbox 69M Tumblr 65M Mod Bus Soln 59M Login databases stolen 100K accounts / $10 Validated account ~$3 Site fraud BOT ATTACK ▪ ▪ ▪

6. 6 They come in large numbers... Botnet Attack ▪ ▪ ▪ ▪ 77% of this attack would go unnoticed by volumetric detection

7. 7 … and from everywhere Gen 2 Bots No Javascript, Cookies IoT Device Attack ▪ ▪ ▪ ▪

8. ROI ▪ ▪

9. How To Fight Back 9

10. Basic techniques 10 ▪ Support multi-factor-authentication ▪ Encrypt or hash stored credentials ▪ Have good password practices Don’t be one these guys http://badpasswordpolicies.tumblr.com/

11. Monitor correctly ▪ Separate API from website – different endpoint URL ▪ Monitor logins for anomalies and spikes ▪ Lookup suspicious user-agents in github (and not just google) http://mstajbakhsh.github.io/Microbot/ 11

12. Detect 12 ▪ Validate user is running javascript ▪ Validate a cookie ▪ Device fingerprint (https://github.com/Valve/fingerprintjs2) ▪ Track legitimate flow

13. Recommended resources ▪ Have I been Pwned by Troy Hunt - https://haveibeenpwned.com/ ▪ Biggest breaches - http://www.informationisbeautiful.net/visualizations/worlds-biggest-da ta-breaches-hacks/ ▪ Detection labs - https://github.com/PerimeterX/bot-tools ▪ Device Fingerprinting - https://github.com/Valve/fingerprintjs2)