Security News

Cybercriminals are using Telegram bots to steal one-time password tokens and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Threat actors are using Telegram bots and channels and a range of tactics to gain account information, including calling victims, and impersonating banks and legitimate services, researchers said.

Bot attack volumes grew 41% year over year with human-initiated attacks falling 29%, according to a report from LexisNexis Risk Solutions. The report confirms earlier trend patterns showing the financial services industry and media businesses bear the brunt of increased automated bot network attacks.

Automated traffic accounts for 64% of internet traffic, and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals. These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots.

Netacea announced results from a report that reveals the high price that businesses pay because of unwanted bot traffic. According to survey respondents, automated bots operated by malicious actors cost businesses an average of 3.6% of their annual revenue.

Microsoft has announced that the Web Application Firewall bot protection feature has reached general availability on Azure Application Gateway starting this week. Azure Web Application Firewall is a cloud-native service designed to protect customers' web applications from bot attacks, common exploits, as well as common web vulnerabilities, including cross-site scripting, SQL injection, broken auth, security misconfigurations, and more.

HUMAN Security announced its newly named BotGuard and a range of new features to further help enterprise customers defend their website and mobile applications from sophisticated bot attacks and fraud. BotGuard is powered by the Human Verification Engine, which combines technical evidence, machine learning, and continuous adaptation to deliver "Human or not" bot detection decisions with accuracy.

Fake accounts are used for other purposes too: Facebook, for instance, last fall announced the takedown of 14,000 fake accounts used to spread disinformation in the 2020 election. Creating and using fake accounts is a problem not only for social-media platforms but for almost any enterprise that has a system that collects accounts for any purpose.

The Business Logic Attack Definition Framework sets the stage for shared understanding and knowledge among vendors, cybersecurity professionals and customers who are proactively tackling an increasing number of malicious bot threats. Once the attack stages for a scalper bot attack were confirmed, Netacea analysed the tactics, techniques and processes of other types of bot attacks and captured all automated bot threats and their lifecycles in a series of comprehensive kill chains.

Targeting Windows and Linux systems, the Necro Python bot changes its code to evade traditional security detection, says Cisco Talos. Though a bot sounds like it might be limited in intelligence and flexibility, a sophisticated bot can do a lot of damage on behalf of the attacker.

DataDome, a company that provides a SaaS solution for protecting businesses against bad bots and fraud, this week announced that it raised $35 million in a Series B funding round. The investment round, which brings the company's total funding to nearly $40 million, was led by venture capital firm Elephant, with participation from ISAI. DataDome plans on investing the money in sales, marketing, and R&D. DataDome has developed an AI-powered platform that processes vast amounts of data in an effort to provide protection against various types of online threats, including payment fraud, DDoS attacks, account takeover attempts, and web scraping.