Security News

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud
2021-12-29 19:13

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.

Bots are stealing Christmas!
2021-12-24 05:30

Kasada released new data on the latest fraud and malicious automation trends, revealing increased threats during the holidays; rising attacks by bots; and the discovery of a new amped up All in One Grinch Bot that is being used extensively during hype drop sales. Majority of Black Friday bad bots come from the USA, followed by Australia and the UK. "As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses," said Sam Crowther, CEO, Kasada.

Grinch bots hijack all kinds of holiday shopping, from gift cards to hype drop sales
2021-12-23 18:35

All-in-one Grinch bots are working over time this holiday season and using automation to steal gift cards and scoop up limited quantities of in-demand products. The Kasada Threat Intelligence Team identified these bad bot trends during the online holiday shopping season, based on data from the company's e-commerce customers.

From DDoS to bots and everything in between: Preparing for the new and improved attacker toolbox
2021-12-08 07:00

Much like sappers getting behind enemy lines to attack and destroy critical infrastructure, threat actors know how to avoid tripwires and stay below the threshold of detection while initiating an attack. To counter those efforts, organizations need to gain a better understanding of the new attacker toolbox and employ solutions that take a more holistic view of defense.

Skewed analytics caused by bots damage businesses as much as ad fraud
2021-12-08 06:00

Netacea announced results from a report that shows skewed analytics caused by bots cost businesses just as much as click fraud, despite click fraud's much bigger profile. Ad fraud and skewed analytics caused by bots cost businesses 4% of their revenue.

Twitter bots pose as support staff to steal your cryptocurrency
2021-12-07 09:04

If those phrases are present, these same programs will direct Twitter bots under the scammer's control to automatically reply to the tweets as fake support agents with links to scams that steal cryptocurrency wallets. In tests conducted by BleepingComputer, tweets containing the words 'support,' 'help,' or 'assistance' along with the keywords like 'MetaMask,' 'Phantom,' 'Yoroi,' and 'Trust Wallet' will result in almost instantaneous replies from Twitter bots with fake support forms or accounts.

Bots are lurking in your zombie and shadow APIs
2021-11-18 06:35

Zombie APIs commonly arise when old and less secure versions of your APIs are left to live another day. For some reason, finding shadow and zombie APIs seems to be a much easier task for bad actors than it is for internal security and risk teams.

Despite spending millions on bot mitigation, 64% of organizations lost revenue due to bot attacks
2021-10-25 04:00

The state of bot mitigation 64% of organizations lost more than 6% of their revenue due to bot attacks, and 32% lost 10% or more within the last year. 64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months.

Bots to become the future of work and provide ROI to organizations using them
2021-10-19 04:00

Bots - software applications that are programmed to do certain tasks without human intervention - have already experienced a surge in demand due to the pandemic, and 84% of respondents expect companies to integrate even more bots in the next five years. "When implemented and maintained properly, bots can help employees work more effectively and efficiently by undertaking simple, time-consuming tasks, which also drives cost savings for companies. Staying on the leading edge of the future of work with best-in-class technology, including bots and other automated solutions, can also help keep employees happy in their roles."

Ukrainian police arrest DDoS operator controlling 100,000 bots
2021-10-11 13:10

Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers. The threat actor was arrested at his home in Prykarpattia where he was allegedly using the botnet to perform DDoS attacks or to support other malicious activity for his clients.