
What is a Bot and why you should care

There are good bots - and there are bad bots. Which is why you should care and know how to manage them so that you remain secure, but can continue to successfully conduct your business over the Internet. Presentation by Xavier Daspre at the Akamai Trust No One City Tour.


  1. © 2019 Akamai | Confidential. Trust No One City Tour. What is a bot and why you should care. Xavier Daspre, Sr. Cloud Security Architect, EMEA
  2. AGENDA • Understanding the bot problem • Bot families • Nice business • Wrap up
  3. What is a bot?
  4. THE "BOT PROBLEM": understanding the bots. Your site traffic: what you think your traffic looks like vs. what your traffic actually looks like.
  5. Those who eat
  6. How to scrape digital content. Protect content.
  7. Scrape and consume
  8. Transactional Endpoints: two classes of bots. 1. Scraping bots. 2. Transactional bots. Example 1: Price scraping (good or bad). Example 2: Content scraping (good or bad). Example 3: Google web crawler (good).
  9. Transactional Endpoints: two types. 1. Scraping bots. 2. Transactional bots. Example 1: Login attack :: Credential abuse (bad). Example 2: Fake account signup (bad). Example 3: Concert ticket grabbers (bad).
  10. Those who attack
  11. [Slides 11 to 25 are demo mock-ups with no slide text beyond the template tagline "Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection." They show the same user name ("Xavier") and password ("Let's talk credential stuffing") being entered into the sign-in forms of three unrelated sites (CS, ABC, AFF) and then into a mobile banking app ("Hello! Sign in to access your money."). The banking mock-up's payment feed then shows the account, balance $6,500.00, drained by four payments (to Joe Smith, AdultFriendFinder, Need Mulaah and YouGotPwned, $6,498.00 in total) down to a balance of $2.00, captioned "WTF?".]
  26. Credential Abuse to ATO (account takeover)
  27. Darknet insight: Sales!
  28. Darknet insight: Sell the valued accounts
  29. BUSINESS IMPACT: understanding the cost of credential stuffing (source: Ponemon, The Cost of Credential Stuffing, Oct 2017).
      Money lost to fraud per compromised account: Less than $100: 25%; $100 to $500: 29%; $501 to $1,000: 22%; $1,001 to $5,000: 14%; More than $5,000: 10%.
      Number of accounts targeted per attack: 1 to 100: 19%; 101 to 500: 35%; 501 to 1,000: 28%; 1,001 to 5,000: 11%; More than 5,000: 7%.
      Number of credential stuffing attacks per month: None: 0%; 1 to 5: 41%; 6 to 10: 38%; 11 to 20: 12%; More than 21: 9%.
  30. INDUSTRY BREAKDOWN: a 1-week view into Akamai customers.
      Industry                    IPs participating   Login requests   % of total requests
      Gaming                              7,712,894    1,358,045,044                61.30%
      Hotels & Resorts                      122,026      232,309,946                10.49%
      Cards & Payments                      477,507      148,304,255                 6.69%
      Department Stores                     326,151      104,748,065                 4.73%
      Commerce Portal                        66,321       60,199,822                 2.72%
      Banking                               349,474       55,356,808                 2.50%
      Airline                                86,346       41,004,594                 1.85%
      Cosmetics                              82,808       38,197,524                 1.72%
      Consumer Software (B2C)               224,707       28,202,339                 1.27%
      Social Media                          127,396       26,557,605                 1.20%
      Enterprise Software (B2B)              21,290       25,383,158                 1.15%
      Consumer Electronics                   50,984       25,264,381                 1.14%
      Apparel & Footwear                     66,414       19,692,260                 0.89%
      Online Travel Agents                  102,555        8,935,366                 0.40%
      Federal                                 3,403        7,454,257                 0.34%
  31. ATTACK CHARACTERISTICS: what an attack looks like. • Majority of IPs performing credential stuffing make less than 1 request per minute • Average is 28 requests per hour • Maximum request rate observed from a single IP during the sampled period: 625,000 requests per hour (173 login requests per second). Rate controls are only effective against the rare bots that fall outside typical human request rate thresholds.
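The point of slide 31 worked through in code, as an added example that is not part of the presentation: a constructed login log (format "<ISO timestamp> <client IP> <username> <HTTP status>") in which three IPs stay well under one request per minute while one IP bursts. A per-IP rate control flags only the burst; a second signal, one IP failing logins against many different usernames, also catches the low-and-slow IPs. All IPs, usernames and thresholds are constructed for the example.

```python
# Added example (not from the slides): per-IP login rates over a constructed log,
# showing that a per-IP rate limit flags only the bursting IP and misses the
# "low and slow" IPs that stay well under one request per minute.
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    t0 = datetime(2019, 5, 1, 10, 0, 0)
    lines = []
    # Three IPs each send one failed login every 90 seconds (40 per hour).
    for n, ip in enumerate(["198.51.100.10", "198.51.100.11", "203.0.113.7"]):
        for i in range(10):
            ts = t0 + timedelta(seconds=90 * i + n)
            lines.append(f"{ts.isoformat()} {ip} user{n}_{i} 401")
    # One IP bursts twelve failed logins in twelve seconds (the rare outlier).
    for i in range(12):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 192.0.2.99 victim{i} 401")
    lines.append(f"{t0.isoformat()} 192.0.2.5 alice 200")  # one real user
    return lines

def parse(line):
    ts, ip, user, status = line.split()
    return datetime.fromisoformat(ts), ip, user, int(status)

def peak_requests_per_minute(lines):
    # Largest number of requests one IP made inside any 60-second window.
    by_ip = defaultdict(list)
    for ts, ip, _, _ in map(parse, lines):
        by_ip[ip].append(ts)
    peaks = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] >= timedelta(seconds=60):
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks

def flag_by_rate(peaks, threshold_per_minute):
    # Classic rate control: only IPs above the per-minute threshold are flagged.
    return sorted(ip for ip, p in peaks.items() if p > threshold_per_minute)

def flag_by_failed_distinct_users(lines, min_users=5):
    # Second signal: one IP failing logins against many different usernames.
    failed = defaultdict(set)
    for _, ip, user, status in map(parse, lines):
        if status == 401:
            failed[ip].add(user)
    return sorted(ip for ip, users in failed.items() if len(users) >= min_users)
```

With a threshold of 10 requests per minute, flag_by_rate returns only 192.0.2.99, while flag_by_failed_distinct_users returns all four attacking IPs and leaves the real user alone.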
  32. CONSEQUENCES: wide-ranging impacts of credential stuffing. Application downtime from large spikes in login traffic: 67%; Cost to remediate compromised accounts: 63%; Lower customer satisfaction: 50%; Compromised accounts leading to fraud-related financial losses: 43%; Lost business due to customers switching to competitors: 41%; Damaged brand equity from news stories or social media: 17%; Other: 5%.
  33. RESPONSIBILITY: dispersed throughout the organization. Categories in slide order: Other; Compliance / audit; CEO / COO; Head of legal; Data center / IT…; Web hosting service…; Head of risk…; CISO / CSO; Fraud prevention /…; CIO / CTO; Line of business /…; No one function has…. Percentages in slide order: 5%, 2%, 3%, 3%, 9%, 13%, 16%, 20%, 21%, 28%, 3%, 40%.
  34. How Akamai approaches the challenge. Traditional methods (IP rate limiting, network header analysis, browser property analysis): less effective against credential abuse. BM Premier exploits "what makes us human": neuro-muscular interaction is much harder for machine scripts to replicate.
  35. Conclusion
  36. Achieving desired outcomes. AKAMAI DIFFERENCE • Ability to manage bot traffic on the Akamai CDN before it reaches your website, offloading your origin infrastructure • The latest technologies that can detect the most sophisticated bots today even as they evolve to avoid detection • Real-time intelligence from visibility into bot traffic interacting with many of the largest web presences around the world • Ability to manage a wide array of both good and bad bots and customize the response based on your business and IT goals • Granular visibility / reporting allows you to analyze your bot traffic and implement your bot strategy without being a black box • Security experts who can help implement and tune your bot management strategy and respond to security events
  37. Akamai Nordics City Tour. Thanks for your attention. Questions?!
  38. [closing slide, no text]
