Security News
The Ukrainian Security Service has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.
Netacea announced the results from a new report showing that most businesses do not fully understand the threat bots pose, leaving those organizations vulnerable to threats. The report surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the US and the UK. The report found that while most businesses were aware that bots were an issue, many were confused about where attacks originate and what technologies and techniques were effective against bots.
As for its endgame, CPR researchers described the newly discovered and analyzed Electron Bot backdoor as "a modular SEO-poisoning malware" used "For social-media promotion and click fraud." Electron Bot can also promote online products: another way to generate PPC revenue or increase a store's rating for higher sales.
Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.
An IRC bot strain programmed in GoLang is being used to launch distributed denial-of-service attacks targeting users in Korea. "Additionally, the DDoS malware was installed via downloader and UDP RAT was used."
While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.
Kasada released new data on the latest fraud and malicious automation trends, revealing increased threats during the holidays; rising attacks by bots; and the discovery of a new amped up All in One Grinch Bot that is being used extensively during hype drop sales. Majority of Black Friday bad bots come from the USA, followed by Australia and the UK. "As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses," said Sam Crowther, CEO, Kasada.
All-in-one Grinch bots are working over time this holiday season and using automation to steal gift cards and scoop up limited quantities of in-demand products. The Kasada Threat Intelligence Team identified these bad bot trends during the online holiday shopping season, based on data from the company's e-commerce customers.
Much like sappers getting behind enemy lines to attack and destroy critical infrastructure, threat actors know how to avoid tripwires and stay below the threshold of detection while initiating an attack. To counter those efforts, organizations need to gain a better understanding of the new attacker toolbox and employ solutions that take a more holistic view of defense.
Netacea announced results from a report that shows skewed analytics caused by bots cost businesses just as much as click fraud, despite click fraud's much bigger profile. Ad fraud and skewed analytics caused by bots cost businesses 4% of their revenue.