Malware and bots continue to be an issue for businesses, security professionals, and ultimately consumers.
For example, the source code for a new variant of Exobot was recently leaked online. Exobot is malware that targets Android users via malicious apps. Once installed, Exobot draws an overlay when the user opens a banking site or app and captures the banking credentials they type into it, which lets the attacker take over the consumer's account.
A new variant of TrickBot, another malware family that targets customers of large banks and steals their credentials, was also recently discovered. TrickBot is a banking trojan that is often delivered as an email attachment, and this variant has been updated with new techniques to evade malware detection programs.
TrickBot is actually part of a botnet and has been combined with other malware strains to extract further financial gain through account takeover. A malicious bot is a form of malware designed to infect a host and connect back to a central server, or set of servers, that acts as a command and control center for an entire network of compromised devices, or "botnet." The growth of bots on the net is well documented. In fact, the security firm Imperva found in a recent study that more than half of web traffic was generated by bots rather than humans in 2016.
Bots are increasingly an area of concern because they are commonly used to engage in a number of suspicious activities. These include spam, phishing, fake social media accounts, DDoS attacks, and other malicious activities.
Generally speaking, bots can fit into two basic categories: bad bots and good bots. Bad bots are used by fraudsters with malicious intent to harm or defraud. Some of the most egregious types of bots are deployed by fraudsters to take over consumers’ personal accounts, something that is becoming more widespread in part because of the high return on the fraudsters’ investment.
Detecting and stopping bots requires security diligence and a multi-layered approach to device intelligence and authentication. One way to tell bots from humans is their pattern of activity: the signature of a bot attack is its high rate of speed. Technology is available that can detect potential velocity attacks, a sign of bots, and that enables organizations to identify and screen them out. Such solutions work by flagging devices that perform multiple unusual behaviors, typically at a high rate of speed. If a single device performs many login attempts across many accounts in a short period of time, that can signal the use of a bot.
The next-generation arsenal of bot-prevention tools includes device intelligence, device fingerprinting, malware detection, machine learning, and behavioral analysis. This model relies more on identifying the bot at the device level or through its behavior, such as the absence of any mouse or keyboard input, which may indicate a bot. It is important to employ both static techniques, such as detecting the presence of malware on the device, and a more comprehensive behavioral analysis that looks at a high number of attempts, a high number of failures, unusual traffic patterns, and unusual speed of access and access attempts. This combination of techniques is more accurate and is not easily fooled.
Fraudsters will continue to grow more sophisticated in their attacks. However, advancements in detection methods and security technology make it possible for organizations to manage these risks. The InAuth Security Platform provides device intelligence and risk assessment solutions to more consistently identify and better validate the trustworthiness of the devices transacting within your digital channels. Key to our device risk assessment is identifying when devices return at a high rate of speed, as well as evidence of device attribute spoofing, both of which can be indicators of bots. Some of the risk flags we look for are the same device appearing across many IP addresses, a high frequency of the same device over a short period of time, the use of proxies, and device attribute mismatches. Likewise, to scan for malware threats, the InAuth malware research team utilizes over 50 industry-leading malware feeds. Malware signature lists are updated as threats evolve and require no download by clients or marketplace push to the app store.
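The velocity checks described above (many attempts, many accounts, many failures and many IP addresses for one device inside a short window) as an added Python example; this is not InAuth's code, and the event schema, the thresholds and the sample events are constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int          # seconds since epoch (assumed schema)
    device_id: str   # device fingerprint / identifier
    account: str     # account the login attempt targeted
    ip: str          # client IP seen for the attempt
    success: bool


def velocity_flags(events, window=300, max_attempts=10, max_accounts=3,
                   max_ips=2, max_failures=5):
    """Return {device_id: set of flag names} for devices whose activity in any
    `window`-second span exceeds a threshold. Thresholds are illustrative."""
    by_device = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_device[e.device_id].append(e)
    flags = defaultdict(set)
    for dev, evs in by_device.items():
        start = 0
        for end in range(len(evs)):
            # slide the left edge so evs[start:end+1] spans at most `window` seconds
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            if len(span) > max_attempts:
                flags[dev].add("high_attempt_rate")
            if len({e.account for e in span}) > max_accounts:
                flags[dev].add("many_accounts")
            if len({e.ip for e in span}) > max_ips:
                flags[dev].add("many_ips")
            if sum(not e.success for e in span) > max_failures:
                flags[dev].add("many_failures")
    return dict(flags)


# Constructed sample: one device hammering 12 accounts from 4 IPs in under a
# minute, and one ordinary user logging in from a single IP hours apart.
SAMPLE = [AuthEvent(i * 5, "dev-bot", "user%02d" % i, "10.0.%d.1" % (i % 4), False)
          for i in range(12)] + [
    AuthEvent(0, "dev-alice", "alice", "203.0.113.5", True),
    AuthEvent(3600, "dev-alice", "alice", "203.0.113.5", False),
    AuthEvent(3610, "dev-alice", "alice", "203.0.113.5", True),
]

if __name__ == "__main__":
    for dev, f in velocity_flags(SAMPLE).items():
        print(dev, sorted(f))
```

The same pass over a real authentication log would use the device identifier produced by fingerprinting rather than a literal field, and the thresholds should be tuned against a baseline of legitimate traffic.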