From bad bots to phishing-as-a-service (PaaS) to and man-in-the-middle (MITM) attacks, a multitude of cybersecurity threats are facing organizations in 2023. Arkose Labs’ Founder and CEO, Kevin Gosschalk, and Arkose Labs’ Chief Criminal Officer, Brett Johnson, recently explained some of the communities, tools, and techniques for organizations to put on their radar.
For information on how you and your organization can best prepare for some of the top cybersecurity threats as 2023 approaches, keep reading below or watch the full webinar here.
Telegram and the Changing Definition of the Dark Web
The definition of the dark web has changed over the years. While browsers like Tor are still being used, many newer offerings now provide a better user experience.
Cybercriminals have been using Telegram on an increasing basis.The Telegram app can be used on both a mobile device or browser and provides a frictionless experience for users, complete with easy-to-use keyboard searching. So if you're looking at refunding fraud, one time password bots, bots in general, or just criminal communities, you can search for it within the app. For instance, IP address proxies can be bought which help cybercriminals to mask IP addresses and hide criminal activity.
This is part of a wider trend within the cyberthreat landscape in which cybercriminals can easily purchase and use solutions, complete with how-to guides and help desks. These improved user experiences enable a new era of cybercriminals and fraudsters with limited technical skills to conduct their cyberattacks.
Genesis marketplace is a bot marketplace. Currently, there are over 450,000 bots listed on Genesis. The bots run anywhere from $3.75 up to $400, and cybercriminals and fraudsters can even search for the specific company that they are trying to target. Genesis sits on someone's network, captures the credentials, the browser fingerprint, and the cookie of that specific session.
The developers of Genesis understand that most of their users are not sophisticated and don’t necessarily know how to use the captured information. Due to this, Genesis has its own standalone browser, or browser plugin, that automates tools for users to actually inject the cookie into the session, so you can bypass multi-factor authentication, gain access to the account, and more.
There is a reason why you can’t buy those Playstation 5s, new Nike shoes, or Taylor Swift concert tickets—inventory sniping with bots gets in the way. Malice is an inventory sniping group/bot-type channel that has 50,000 subscribers, all of whom pay $60 a month. Doing the math, Malice makes $1.8 million per month in subscriptions.
Malice is made up of people that work together to deny inventory or to snipe inventory from collectable cards to tennis shoes to event tickets. Malice has its own standalone app that users can download to their device and even provides a calendar with an update feature that announces new products that users might be interested in and advice on how to resell their sniped inventory.
Just as importantly, however, is that Malice doesn’t just provide information, but the tools to conduct these attacks as well. For instance, they will give users access to software and plugins, along with those who develop those tools, that they can run on their own computer. that actually makes the bot requests that purchases inventory, frustrating actual customers everywhere.
EvilProxy provides a reverse proxy, PaaS tool, which makes a website designed to mirror another site to trick users into providing their username and password information to log in. Using EvilProxy, users will drive traffic to this phishing site. For example, they will include a link in a message that looks like it might be coming from your bank. When the user clicks that link, it takes them to what appears to be the website that they thought they were clicking the link.
But of course, it's a fake website set up by EvilProxy that perfectly emulates the page and looks the same as the real thing. What EvilProxy also provides is a reverse-proxy, a MITM tool. When a user inputs their username and password, what they actually do is in real time is send that information to the real banks’ server, which triggers a one-time password (OTP) or PIN. EvilProxy’s tool then allows a cyberattacker to extract credentials, including the OTP or PIN, and access a user’s account.
Along with Malice and Genesis, EvilProxy provides a user-friendly experience that allows low-skilled fraudsters to conduct sophisticated attacks. They include step-by-step instructions and videos on how to set up your server and use their tools.
How to Best Mitigate Emerging Cybersecurity Threats
When it comes to mitigating these cybersecurity threats and others, know that most cybercrime is mostly driven by cybercriminals to make a profit. That is why it is imperative that organizations make cost and effort more than their profit margin. This will dissuade attackers from continuing their attack.
One area in which organizations can raise the cost to cybercriminals is investing in a solution that stops bot attacks at scale. This could include making it more difficult for bots to snipe tickets or other inventory, but also resell or trade that inventory.
If you would like more information on these threats, including walkthroughs and examples, watch our webinar on emerging cybersecurity threats.
To learn how Arkose Labs can help your organization detect and eliminate bots, book a demo today