Humans vs. Robots: Automated Attacks and How to Deal with Them

Dec 12, 2017 | by Heidi Bleau

If there’s one thing that 2017’s high-profile data breaches confirmed, it’s that they aren’t just a headache for the hacked organization and its customers. Poor password practices—such as weak passwords and the reuse of passwords across multiple sites—make verified login credentials highly desirable on the black market.

The impact of account takeover on your business can reach far beyond your immediate financial losses—your customers will go elsewhere if you can’t keep their accounts safe, even if their poor password practices are a contributing factor. And the damage to your reputation can be irreparable. Unfortunately, legacy security tools, such as web application firewalls, are geared towards identifying the exploitation of software defects and aren’t necessarily designed to spot account takeover.

Automated Attacks are Fast and Repetitive
Automated tools allow cybercriminals to test the validity of username/password combinations stolen during data breaches much faster than a human being can. Sentry MBA, for example, is a common tool used in automated attacks. It is traded widely and freely on internet forums and is easy to configure and use, but it can be extremely difficult to detect. That’s a real problem.

However, the rapid-fire nature of automated attacks can also help detect them: humans and robots have very distinct navigation paths, and web behavior analytics can be used to distinguish those patterns.

Web Behavior Analytics: Sort the Replicants from the Regular Shoppers
You can detect robotic access based on a variety of factors, such as click speed, volume of clicks, and unusual behavior, e.g., frequently accessing non-existent (error 404) pages. In one case, for example, an organization was using web behavior analytics to monitor for automated attacks and discovered that more than 200,000 credentials were tested from a single IP address and nearly 10,000 accounts were accessed successfully.
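The factors named above can be turned into a per-client check over web server access logs. The following is an added example, not code from RSA Web Threat Detection; the function names, thresholds, the `/login` path and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Common/combined access-log prefix: ip, timestamp, method, path, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def flag_clients(lines, min_requests=10, max_median_gap=1.0,
                 min_404_ratio=0.3, max_login_posts=5, login_path="/login"):
    """Return {ip: [reasons]} for clients whose sessions look automated.
    All thresholds are illustrative assumptions, to be tuned on real traffic."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        by_ip[ip].append((when, method, path, int(status)))
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        busy = len(events) >= min_requests  # too few requests says nothing
        reasons = []
        if busy and gaps and median(gaps) <= max_median_gap:
            reasons.append("click_speed")      # sustained sub-human pacing
        if busy and sum(e[3] == 404 for e in events) / len(events) >= min_404_ratio:
            reasons.append("404_ratio")        # probing non-existent pages
        if sum(e[1] == "POST" and e[2] == login_path for e in events) > max_login_posts:
            reasons.append("login_volume")     # many credential submissions
        if reasons:
            findings[ip] = reasons
    return findings

def sample_log():
    """Constructed sample traffic; IPs are RFC 5737 documentation addresses."""
    fmt = '{} - - [12/Dec/2017:12:{:02d}:{:02d} +0000] "{} {} HTTP/1.1" {} 512'
    bot = [fmt.format("203.0.113.7", 0, s, "POST", "/login", 200 if s % 10 == 0 else 401)
           for s in range(20)]
    prober = [fmt.format("192.0.2.50", m, 0, "GET", f"/old/page{m}", 404)
              for m in range(12)]
    pages = ["/", "/shop", "/cart", "/login", "/checkout"]
    human = [fmt.format("198.51.100.23", 2 * i, 30, "GET", p, 200)
             for i, p in enumerate(pages)]
    return bot + prober + human

if __name__ == "__main__":
    for ip, reasons in flag_clients(sample_log()).items():
        print(ip, reasons)
```

A single-IP view like this only catches the concentrated case described above; traffic spread across many addresses needs the same signals aggregated per session or per targeted account.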

Web behavior analytics doesn’t just help detect cybercriminal behavior, though. It has also been useful in spotting website difficulties or bad processes—for example, a customer abandoning a purchase due to a forgotten password. Insights like these can help organizations improve the customer experience.

 

-----
In a recent survey, 72% of organizations stated it takes days – or longer – to determine the source of fraudulent activity on their website. Web behavior analytics offers increased visibility into the entire transaction session to speed up fraud investigations and can also be deployed with zero impact on website performance.

Learn more about the latest release of RSA Web Threat Detection as well as the numerous benefits offered by web behavior analytics in detecting cyber attacks across web and mobile traffic.


Category: RSA Fundamentals

Keywords: Account Takeover, Botnet, Web Behavior Analytics, web threat detection, automated attacks, credential testing