This month, we have been able to gain valuable insight into the realms of bot management and protection with Head of Threat Research, Scott Pendlebury at Netacea. The company has a mission to harness the power of artificial intelligence to protect and optimise all of the world’s biggest websites.
In this interview, expect to learn more about the rise in attacks during the pandemic, how Netacea’s trademarked Intelligent Analytics™ has provided unparalleled detection services to businesses around the globe, and discover some shocking website traffic statistics.
Q: Tell us about Netacea, and what your company has set out to achieve in the cybersecurity sector.
Netacea provides bot detection and mitigation. Using its Intent Analytics™ engine, powered by machine learning, its smarter bot management solution helps businesses such as AllSaints understand their web traffic, in particular bot activity.
Netacea’s mission is to protect businesses’ websites, mobile apps and APIs from malicious attacks such as content scraping, credential stuffing or account takeover, by empowering them to find and prevent the most sophisticated threats they face.
Q: We’ve seen a rise in cybersecurity threats and attacks recently, what do we need to be aware of in order to protect ourselves?
Just as businesses have been encouraged to go online and work remotely as much as possible, so has crime. New opportunities abound, and the number of threat actors has increased—not every cybersecurity expert who finds themselves out of work will resist the temptation of the “dark side”.
The change in online traffic makes it more difficult to discern attacks. For example, we’ve seen big retailers adopt virtual queues and run out of delivery slots due to unprecedented demand. This unusual activity will make it even more difficult than usual to determine who on their site is legitimate, and who is a threat. Similarly, a rush of new and until recently dormant accounts on online food ordering services have sprung into life. Compromised accounts are often traded on the dark web, and this new demand makes it easier to hide when accounts are stolen, sold and used.
Attacks are increasingly automated, and it’s less the type of attack than the automation that businesses need to guard against.
Q: Could you explain what a ‘bot’ is, and how these are used in attacks?
A bot is a software application that is programmed to run automated tasks. Bots typically perform tasks that are simple and repetitive, such as scanning content on webpages or ordering food, and at a much faster rate than humans can. Wonder how you can order a Whopper through Facebook Messenger? It’s thanks to a bot! They’re so popular that bots today represent more than half of all online traffic.
However, bots can be used with bad intent and carry out all sorts of attacks such as credential stuffing, card cracking or web scraping. In fact, roughly 26% of bot traffic is bad and a threat to businesses and consumers alike.
Credential stuffing, for instance, is widely used across multiple industries, and uses stolen passwords and usernames, known as combo lists, to hijack accounts—the hacker buys a list of leaked passwords, and then has a bot use these passwords on other sites to try to gain access. With research revealing that more than 50% of internet users reuse the same password for multiple accounts, there’s a good chance of success. Doing this manually won’t get results, but a bot can quickly check 1000s of credentials every minute.
Q: What business damages can be incurred from becoming a victim of a bot attack, could you provide an example?
Bot attacks can result in poor website performance, site downtime, exposure of sensitive customer data, lost revenue or damage to a brand’s reputation. In fact, in 2018 alone, $7bn was lost to account takeover and credential stuffing attacks.
A good example is the Just Eat and Deliveroo hacks that happened last year. These delivery services thrive on a great customer experience and zero friction, so to be able to provide the convenience their customers crave, such as one-click ordering, card details need to be saved. However, when a hacker manages to take over an account using a bot, they can then commit fraud with the account or sell on the verified username and password via online marketplaces. By exploiting the legitimate functionality, neither company was aware of any untoward behaviour and so were unable to stop it in its tracks.
Even if a business isn’t directly targeted, it can still have an effect. Card cracking is where a business’s payment gateway is used to check the validity of stolen credit card details. Even if the valid cards are used elsewhere, the business used to check these cards can find itself liable for the huge fees that checking thousands of cards can incur.
Q: What actions can businesses take to protect themselves from cyberattacks?
To make sure they do not become the next victim, businesses need to start asking a different question. They should not be asking “is this a human or a bot?” but instead look at the intent. “What is this visitor doing?” Banning bots outright isn’t viable—many are vital, for example for search engine visibility.
Machine learning will be key here, not to learning what human behaviour looks like, but to identifying what good behaviour looks like. Through web log analysis, businesses can build a profile of the way users interact with a website to determine their intent. While an attacker can mask their behaviour to appear human-like, they cannot easily mask their intention.
Once they have gained this visibility, businesses can not only stop the attack but also start to make better business decisions. After all, it’s difficult to understand what products customers have been browsing and their path through a website when so many aren’t real.
Q: How is Netacea using AI / ML to assist in protecting businesses from fraudulent bots?
Our approach harnesses machine learning to analyse the web traffic and other passive signals to uncover the intent of a visitor; we call this Intent Analytics.
Our technology monitors all site visits to a specified path and analyses them in context relative to each of the visitors to the enterprise estate. The technology then automatically learns from the business’s web estate according to the specified priorities and threats it faces. This approach evolves and adapts in maturity with the organisation.
Building this relational matrix, rather than one model that applies to every situation, is crucial as we examine thousands of potential signals and the way they compare to each other, to produce a true multi-dimensional data model. Our machine learning module therefore learns from the environment and adapts its algorithms to the organisation’s unique set of requirements.
We look at the behaviour of all website visitors, and in our multi-dimensional data, we look for identifying clusters of behaviour, including any fingerprint markers.
The machine learning intelligence then dynamically assesses what constitutes “normal” behaviour over time, by path or location within the website. This allows us to build an accurate model in the context of actual behaviour.
Q: The virtual waiting room is an interesting concept, could you elaborate on what that actually means and how it protects from downtime during peak traffic times?
A virtual waiting room is a scalable, cloud-based queuing service that sits in front of a business’ website, helping to control access for all its visitors and ensure it remains available 24/7, 365 days a year, no matter how busy it gets.
Our TrafficDefender offering ensures a business’ infrastructure only ever receives the visitors it’s able to manage, allowing it to guarantee availability, protect the customer experience and maximise revenue.
When the maximum number of visitors is reached, TrafficDefender delivers a waiting page to all additional visitors without any access to servers. Users in the virtual waiting room enter into a first-in-first-out queue and are shown their progress in real-time, with an estimated time to entry. Visitors automatically enter the site the moment that they reach the front of the queue.
Q: Where do most of the threats originate from, and ratio-wise, what’s the difference between state-sponsored attacks vs individuals or collectives of cybercriminals?
The biggest threats to the west typically originate in Russia, China, Iran and Brazil. Attacks are carried out with intent, motivation and capability. The ratio depends on the business and sector; those in the energy industry will notice a higher ratio of state-sponsored activity, while retailers are more likely to be targeted by organised crime groups.
Q: Recently you were named a leader in Behavioural Biometrics, congratulations! How did Netacea achieve this accreditation – how is behavioural biometrics used?
There were more than 400 companies and 35 segments in the 2019 Identity Landscape, which depicts the growing and maturing industry. One World Identity – a market intelligence and strategy firm – recognised Netacea as a leader in the Behavioural Biometrics segment for our innovative use of threat intelligence and machine learning that revolutionises bot detection and mitigation. Our Intent Analytics™ engine analyses web and API logs in near real-time to identify and mitigate bot threats.
This is a unique approach that provides businesses with transparent, actionable threat intelligence that empowers them to make informed decisions about their traffic.
Q: What industries are most at risk would you say, is there one that stands out or is it equal across all industries? Why do you think that is?
Most industries are at risk as bots are everywhere online. Want to buy the latest trainers? A sneaker bot might beat you to it, snapping up limited editions to re-sell at an inflated price. Tickets to see a gig? A ticket bot buys them all to resell. Want to book a flight? Travel bots are holding seats in the checkout basket, making it appear like the flight is fully booked.
However, the financial services, retail, travel and gaming industries are just as prone to bot attacks due to how lucrative access to a bank account or loyalty point schemes can be.
Q: In terms of the future landscape of cybersecurity, especially with the rapid growth of technological developments, what are some new threats that we may need to prepare for?
There is a growing threat to infrastructure that is supported by or heavily reliant on IoT devices. These non-traditional devices often lack security and can be overlooked in terms of vulnerability management and patching.
As a result, the future cybersecurity landscape could begin to affect the physical world a lot more. For instance, when the COVID pandemic struck, attackers targeted hospitals and their medical devices.
Q: Finally, what have been some shocking/surprising findings from the big data behind the scenes?
For some websites, up to 50% of traffic to their web facing infrastructure – websites, mobile applications and APIs – is found to be bot activity, rather than legitimate users. As bots become increasingly human in their behaviour, this can only be detected by machine learning capable of recognising the difference between automated traffic, and good vs. bad bot traffic. Humans alone can no longer recognise sophisticated bots.
Learn more about Netacea by visiting www.netacea.com