Bots Attacks Getting More Difficult to Detect

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Jun 19, 2017.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    May 18, 1997
    Bot attacks are nothing new when it comes to Net security. In the past it was not uncommon for even HardOCP to see tens of thousands of these a day, and we do not even have any information here that would be of value to a hacker of any kind outside of actually using our resources for further attacks or phishing campaigns. However these attacks are becoming more and more complex in how they operate and how those hide. The IOT (Internet Of Things) is a big part of what is allowing these attacks to fly under the radar.

    In a recent automated attack, a large bot army hacked into accounts using brute-force methodology and a highly accurate username and password list. PerimeterX researchers discovered that by overwhelming sites with requests from a network of tens of thousands of Internet of Things devices such as Canon printers and network devices, and with each bot sending just a single request every 10 minutes or so, the attacker completed more than 5 million attempts per day. Furthermore, the attack was successful on 8% of attempts, breaching a shocking 400,000 accounts per day.

    These new bots have been programmed to fully hide their identity as a bot by camouflaging as a real user that looks just like you so they are able to get around traditional IP and fireware blocks. And the bad guys are finding all sorts of ways to extract value from these bots in various ways.

    The attacker will find various ways to extract money from the website. These techniques include account takeover, in which the stolen accounts are then sold on the Dark Web and used for fraud, fake account creation, testing stolen credit cards, and brute-forcing gift cards by guessing their number to cash out their balances. There's also click-fraud, in which bots are instructed to invisibly browse different sites and click on ads to extract money from advertisers.

    Detection protocols are being put into place by different companies that go as far as the way humans use mice while on a website, but assuredly this is something that will emulated quickly as well. How quickly can bots mimic real human movements?
    heatlesssun likes this.
  2. spaceman

    spaceman [H]ardForum Junkie

    Jan 7, 2005
    Only way to stop this is back to the barter system. I will trade you eggs for internets.
  3. Agromahdi123

    Agromahdi123 Gawd

    Jul 22, 2005
    i see chinese spam posts in the forum in the wee hours in the morning, and im always like man, wtf, that shit sucks. heres a big thumbs up for holding down the fort.
  4. BloodyIron

    BloodyIron [H]ard|Gawd

    Jul 11, 2005
    2FA is how you stop this shit