phishing attacks - X-Industry - Red Sky Alliance2024-03-29T08:17:55Zhttps://redskyalliance.org/xindustry/feed/tag/phishing+attacksBad Bots Account for 73% of Internet Traffichttps://redskyalliance.org/xindustry/bad-bots-account-for-73-of-internet-traffic2023-11-23T13:00:00.000Z2023-11-23T13:00:00.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}12296625485,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12296625485,RESIZE_400x{{/staticFileLink}}" alt="12296625485?profile=RESIZE_400x" width="250" /></a>Arkose Labs <a href="https://www.arkoselabs.com">https://www.arkoselabs.com</a> has analyzed and reported on tens of billions of bot attacks from January through September 2023, collected via the Arkose Labs Global Intelligence Network. Bots are automated processes acting out over the internet. Some perform useful purposes, such as indexing the internet, but most are Bad Bots designed for malicious ends. Bad Bots are increasing dramatically, and Arkose estimates that 73% of all internet traffic currently (Q3, 2023) comprises Bad Bots and related fraud farm traffic.<a href="#_ftn1">[1]</a></p>
<p>Internet bots are software applications designed to automate many tedious and mundane tasks online. They’ve become an integral part of what makes the Internet tick and are used by many Internet applications and tools. For example, search engines like Google rely on bots that crawl through web content to index information. Bots go through millions of web pages’ text to find and index terms that these pages contain. So, when a user searches for a particular time, the search engine will know which pages have that specific information.</p>
<p>Travel aggregators use bots to continuously check and gather information on flight details and hotel room availabilities to display the most up-to-date information for users. This means that users no longer need to check different websites individually. The aggregators’ bots consolidate all of the information, allowing the service to display the data simultaneously.</p>
<p>Thanks to artificial intelligence and machine learning developments, bots are also being used to complete more complex tasks. Business intelligence services use bots to crawl through product reviews and social media comments to provide insights on how a particular brand is perceived.</p>
<p>The top five categories of Bad Bot attacks are:</p>
<ul>
<li>Fake account creation</li>
<li>Account takeovers</li>
<li>Scraping,</li>
<li>Account management</li>
<li>In-product abuse</li>
</ul>
<p>These have not changed from Q2, other than in-product abuse replacing card testing. The most significant increases in attacks from Q2 to Q3 are SMS toll fraud (up 2,141%), account management (up 160%), and fake account creation (up 23%).</p>
<p>The top five targeted industries are technology (Bad Bots comprise 76% of its internet traffic), gaming (29% of traffic), social media (46%), e-commerce (65%), and financial services (45%). If a bot fails in its purpose, there is a growing tendency for criminals to switch to human-operated fraud farms. Arkose estimates there were over 3 billion fraud farm attacks in H1 2023. These fraud farms appear to be located primarily in Brazil, India, Russia, Vietnam, and the Philippines.</p>
<p>The growth in the prevalence of Bad Bots is likely to increase for two reasons: the arrival and general availability of artificial intelligence (primarily gen-AI) and the increasing business professionalism of the criminal underworld with new Crime-as-a-Service (CaaS) offerings.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/crime-as-a-service-caas">https://redskyalliance.org/xindustry/crime-as-a-service-caas</a></p>
<p>From Q1 to Q2, intelligent bot traffic nearly quadrupled. “Intelligent [bots] employ sophisticated techniques like machine learning and AI to mimic human behavior and evade detection,” notes the report (PDF). “This makes them skilled at adaptation as they target vulnerabilities in IoT devices, cloud services, and other emerging technologies.” They are widely used, for example, to circumvent the 2FA defense against phishing.</p>
<p>Separately, the rise of artificial intelligence may or may not relate to a dramatic increase in ‘scraping’ bots that gather data and images from websites—from Q1 to Q2, scraping increased by 432%. Scouring social media accounts can pick the type of personal data that gen-AI can use to mass produce compelling phishing attacks. Other bots could then be used to deliver account takeover emails, romance scams, etc. Scraping also targets the travel and hospitality sectors.</p>
<p>Scraping, it must be said, is a legally murky area. It is not specifically illegal, but if it defies a website’s published terms of use, it is certainly immoral. Some services openly offer web scraping facilities. This case demonstrates the relationship between CaaS, AI, and bots (here primarily scraping).</p>
<p>“This is a website you can use to make sure your bots aren’t getting prevented by a website,” Kevin Gosschalk, founder and CEO of Arkose Labs, said, referring to a specific provider that will not be mentioned. “You can purchase this software. It has enterprise support and so on. But it is purpose-built to commit a crime. That is what it does. And there are many other different websites like this, but they look like legitimate businesses. It is a good example of a product purpose-built to commit fraud.”</p>
<p>It is also an excellent example of Crime-as-a-Service. CaaS enables wannabe criminals who may have the intent but not the skills to engage in cybercrime. “The massive rise of CaaS has completely changed the economics for adversaries,” continued Gosschalk. “It’s much cheaper to attack companies, and the attacks are just better because it’s a dev shop doing the attacks instead of just individual cybercriminals.”</p>
<p>The continuing increase in the volume of Bad Bots suggests they remain profitable for the criminals. The arrival of gen-AI will improve the performance of Bad Bots, while the growth of CaaS will increase the number of Bad Bot operators so that it will get worse. The only solution is Bad Bot detection and mitigation to limit the bots' access to their human or system targets. If it is not profitable, they will not do it.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, a demo, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941%C2%A0">https://www.linkedin.com/company/64265941 </a></li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/bad-bots-account-for-73-of-internet-traffic-analysis/">https://www.securityweek.com/bad-bots-account-for-73-of-internet-traffic-analysis/</a></p></div>Will You be Buying Holiday Gifts for Hackers this Season?https://redskyalliance.org/xindustry/holiday-gifts-for-hackers-this-season2020-11-18T20:06:05.000Z2020-11-18T20:06:05.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8184684275,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8184684275,RESIZE_400x{{/staticFileLink}}" alt="8184684275?profile=RESIZE_400x" width="250" /></a>The 2020 Holidays are here and many global and domestic economies are preparing for the subsequent shopping. This buying season is being executed in an environment that has changed entirely due to the Corona Pandemic lockdowns and fears of virus infection. This creates – buying on-line. It is estimated that this will be the largest on-line/eCommerce holiday season ever. As tradition on Black Friday was once, consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in past seasons. They are going to use new web based services to find the best prices (and guaranteed and free delivery), check their reward point balances, and hopefully use loyalty programs to gain some discounts or other perks just for being a member, to increase their holiday spending budgets.<a href="#_ftn1">[1]</a></p>
<p>Cybercriminals are already introducing new scams ahead of Black Friday and Cyber Monday. The number of online holiday shoppers this year is expected to climb sharply due to the pandemic and consequently, consumers can expect a blitz of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. A recent study revealed that 62 percent of consumers shop more online now than before COVID-19. From a cybercriminal perspective, this skyrocketing level of online shoppers translates to more potential victims.</p>
<p>Hackers are looking to cash in on the top shopping days in the US Black Friday and Cyber Monday as well as other events, like Singles’ Day, which recently occurred in China. “Retailers have also been hit hard by the pandemic, and will likely send out even more emails showcasing their discounts and offers, which can be easily spoofed to trick consumers,” Egress CEO said in an email. “Recipients hunting for a good deal may find it difficult to differentiate between the swarm of legitimate emails, and phishing attacks trying to steal their data.”</p>
<p>During 2019, researchers said that social-media scams and domain-impersonation scams were some of the biggest types of attacks during the holiday shopping season. These scams were bent on either stealing credentials or payment data from unsuspecting shoppers or distributing malware onto their systems. This year, researchers say phishing attacks will continue to pose as a top threat during the holiday season. These types of attacks are increasingly getting more convincing and harder for recipients to spot. Attackers are using sophisticated tactics including visual CAPTCHAS<a href="#_ftn2">[2]</a> to target Office 365 users and token-based authorization methods.<a href="#_ftn3">[3]</a></p>
<p><a href="{{#staticFileLink}}8184684872,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8184684872,RESIZE_400x{{/staticFileLink}}" alt="8184684872?profile=RESIZE_400x" width="250" /></a>Authorities worldwide are already warning of a slew of scams leading up to the holiday season. Ahead of Singles’ Day, authorities in China warned of a “fake refund” phone scam where attackers impersonate a customer service officer from various brands to tell customers that a recent purchase is out of stock and promises a refund if they hand over their bank account details. According to the UK’s BBC, the scam recently cost one woman $30,000. The digital age is now and we are all targets for scammers on our social media accounts, cell phones, email, texts, message services and even landline telephones for those who have not yet joined the 21st Century. Cyber threat researchers have recently deleted fax machines from this list. (Ha!)</p>
<p>The US based Better Business Bureau (BBB), recently warned of scammers taking advantage of virtual holiday events, such as holiday markets and craft fairs, by creating phony copycat events that will charge for admission and steal victims’ credit-card information. “In another twist on this scam, some virtual holiday markets have a website or social media page where vendors can post photos of their products and links to their websites,” according to the BBB. “Be careful here too. Some consumers reported to BBB that they the clicked the links provided, thinking they lead to an online shop. Instead, these merchant sites downloaded malware.”</p>
<p>Consumers should always check email sender details carefully and hover over links before they click. “If you’re still not sure, you can always reach out to the retailer via their website, to check that the email you received is genuine. There are also lots of online resources to check out for more information, including many run by Government organizations,” warned a cyber security expert. </p>
<p>Once again, if an on-line offer or coupon seems too good to be true, please beware it most likely is not. Cyber actors are planning to fill your email account mail boxes and cell phones with offers that are only a “Click Away.” And your device will quickly be compromised. If a coupon or “Deal” is real, it will be posted on the merchant’s web site. Do not just click on a link made “conveniently available” on their email notification. Please take the extra few minutes to confirm an offer with the merchant’s or manufacturer’s real URL, not a typo squatted look-alike. The cyber thieves will also be promoting spoofed web sites that look, “just like the real web site,” to trick buyers into entering credit card information. Caveat Emptor, or “Buyer Beware” for the holiday and post-holiday buying seasons.</p>
<p>Red Sky Alliance has been has analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings: <a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://threatpost.com/scams-black-friday-cybercriminal-craze/161239/">https://threatpost.com/scams-black-friday-cybercriminal-craze/161239/</a></p>
<p><a href="#_ftnref2">[2]</a> a program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites.</p>
<p><a href="#_ftnref3">[3]</a> <a href="https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday">https://www.itpro.co.uk/security/357796/sharp-spike-in-phishing-attacks-in-the-weeks-ahead-of-black-friday</a></p></div>