Bot armies earning their masters big money

A new security report by digital identity company ThreatMetrix says hackers are using a large army made out of "automated cyber robots”, or bots, for financial gain.

Their Q1 2016 report, entitled Q1 Cybercrime Report, says there have been 311 million bot attacks detected and stopped in this year’s first quarter.

Although the report fails to mention exactly how these bots are utilised to earn their masters money, it mentions two types of attacks: ‘loud and fast’ ones, and ‘low and slow’ ones.

It says that fraudsters first buy large batches of login credentials on the dark web, and test them to see how many are valid, causing ‘huge transaction spikes’ over a couple of days. After weeding out the bad ones, they curate a list of valid credentials, and start the ‘slower velocity’ attacks, which are apparently harder to detect.

There have been 264 million attacks detected in e-commerce in Q1, alone.

“These attacks are particularly hard to detect because they aren’t always picked up by traditional rate control measures. Our normal lines of defence just aren’t working. Businesses need a smarter approach that can differentiate between a human and a bot the moment they start to transact,” commented Vanita Pandey, vice president, strategy and product marketing at ThreatMetrix.

“Consumer data is everywhere. Fraudsters can create pitch-perfect attacks because they know so much about us. Businesses must become smarter at detecting the full spectrum of possible attacks, from huge automated identity testing sessions, to advanced social engineering attacks that hijack individual accounts. This starts with really understanding the digital identities of consumers so that high-risk behaviour can be detected in real-time.”

Photo credit: Gunnar Assmy / Shutterstock