Account Security / Web Authentication

Game-Changer: “Solver Services” Help Fraudsters Bypass CAPTCHAs

November 22, 20237 min Read

Game-Changer Solver Services Help Fraudsters Bypass CAPTCHAs

A new paradigm is emerging with the advent of "solver services" utilizing advanced solver bots. These automated systems are reshaping the landscape of CAPTCHA dynamics, the traditional game of distinguishing between humans and bots. CAPTCHAs, designed with challenges like distorted text and image recognition, play a crucial role in online bot security. Nevertheless, solver bots have been crafted to adeptly navigate these obstacles, introducing a level of human-like sophistication that challenges the effectiveness of conventional CAPTCHA defenses.

This evolving situation has prompted organizations to reconsider their bot management strategies, navigating the delicate balance between safeguarding against automated threats and preserving a seamless experience for good users. Mainstream bot operators find it increasingly seamless to extract content, seize control of accounts, stockpile inventory, and engage in various forms of automated fraud targeting organizations relying on outdated bot management solutions.

It’s time to unravel the intricacies of this digital chess match, where each move signifies the evolving interplay between defenders of online spaces and the sophisticated players seeking to breach them. As businesses adapt to this evolving game, understanding the role of solver bots becomes crucial for implementing effective security measures and better understanding the ongoing efficacy of traditional CAPTCHA protection.

The Ultimate Bot Prevention Playbook
The Ultimate Bot Prevention Playbook

Why Solver Services Are a Problem

The proliferation of solver services and their bad bots is causing apprehension among CISOs and security teams, given their ability to outsmart bot detection systems. Cybercriminals can now exploit these solver services to conduct automated attacks on a larger scale, even with minimal technical proficiency. This newfound accessibility through the cybercrime-as-a-service (CaaS) model enables threat actors to effortlessly bypass site-specific bot defenses. CaaS refers to the outsourcing of illicit online activities, allowing would-be attackers to purchase or rent hacking tools like solver bots for a wide range of malicious purposes.

Notably, recent reports indicate a staggering 750% surge in the utilization of solver bots for login abuse and account takeover in e-commerce within the past 12 months. A year ago, these bots accounted for less than 10% of e-commerce bad bot traffic. Today, they make up over 95%. This significant shift emphasizes the urgency for organizations to reassess and bolster their bot prevention protocols in response to the escalating prevalence of solver bots.

The integration of solver bots into their toolkit allows attackers to seamlessly overcome site-specific defenses, presenting a formidable challenge for security professionals. This trend highlights the evolving landscape of cyber threats, as the commodification of solver services within the CaaS model expands the accessibility for malicious actors, emphasizing the urgency for adaptive and robust bot protection.

Solver Bots Meet Cybercrime-as-a-Service

The emergence of solver bots has significantly tilted the playing field in favor of attackers within the burgeoning CaaS model. These advanced bots provide attackers with the means to orchestrate malicious campaigns with greater ease—and minimal resources.

The cost asymmetry between those seeking to exploit vulnerabilities and organizations striving to defend against them has reached staggering proportions. For a meager sum of less than $500 per month, attackers gain access to a suite of solver bots, APIs, and services that allow them to reap substantial profits. This stands in stark contrast to organizations shelling out tens of thousands monthly for what are considered leading bot management solutions—only to find themselves circumvented by the very solver services designed to outsmart these defenses.

The impact of this cost imbalance is profound, with organizations not only grappling with platform fees but also facing additional expenses such as integration costs, ongoing professional services, and constant maintenance. The harsh reality is that the inefficacy of conventional solutions places the burden of combating bots squarely on the shoulders of customers, creating an alarming power dynamic where attackers hold a significant advantage in this relentless game of cat-and-mouse.

How Solver Services Work

Solver services leverage research conducted on computer vision and related tools which is experiencing exponential growth. They use these technologies to navigate digital obstacles with unprecedented sophistication, introducing a subtle revolution in the ever-evolving landscape of online defenses. This is how they work:

  • Step 1: A would-be attacker develops and releases a solver bot/API.
  • Step 2: Bot builder gains access to the attackers’ solver API service, then writes a script to call the API for new tokens, temporarily storing them for subsequent steps.
  • Step 3: The bot builder crafts an attack script and uses a new token for each request, making it hard for bot security to detect the attack.

What Businesses Need to Know About Solver Services

Online businesses that heavily depend on traditional CAPTCHAs to fortify their defenses against malicious bot attacks should be aware of the evolving landscape of solver services. These services, often powered by advanced algorithms and AI, are designed to efficiently bypass CAPTCHAs, rendering the conventional security measure less effective. Solver services have become increasingly sophisticated, capable of deciphering a wide range of CAPTCHA variations.

Organizations must recognize that relying solely on traditional CAPTCHAs may not be sufficient in deterring automated threats, and exploring additional security measures is crucial. Staying informed about the capabilities and prevalence of solver services is essential for online organizations seeking to enhance their defenses and safeguard against potential vulnerabilities in their systems.

Finding Protection from Solver Bots

To safeguard themselves and their customers from the threat posed by solver services, businesses should adopt a multi-faceted approach to bot security. First and foremost, incorporating advanced CAPTCHA mechanisms that go beyond traditional text-based CAPTCHA challenges can significantly raise the bar for these malicious services. Utilizing image-based CAPTCHAs, logic puzzles, or behavior-based authentication methods can introduce additional layers of complexity—and added friction for legitimate customers.

Implementing rate limiting and behavioral analysis to detect and block suspicious activities can help identify and mitigate automated attacks in real-time. Regularly updating and patching security systems is crucial to stay ahead of evolving solver service tactics. Employing a Web Application Firewall (WAF) and implementing bot detection and mitigation tools can also fortify defenses against automated threats.

Also, fostering user education on best security practices, such as enabling multi-factor authentication (MFA) and regularly updating passwords, contributes to a more resilient security posture. By combining these proactive measures, businesses can create a robust defense strategy that not only addresses the current threat landscape but also adapts to emerging challenges posed by solver services.

Arkose MatchKey Beats Solver Services

Arkose Labs employs a unique and effective approach to counter solver services through the innovative challenges of Arkose MatchKey. This solution is designed to disrupt the capabilities of solver services by introducing challenges that are difficult for automated algorithms to solve—but easy for legitimate human users. This technology leverages the inherent strengths of human perception and cognition, making it challenging for solver services to decipher.

As a non-traditional CAPTCHA, Arkose MatchKey presents users with visual challenges, often involving images or patterns, and requires them to select the correct elements to generate a matching key. These challenges are crafted in a way that taps into human intuition and contextual understanding, posing difficulties for automated algorithms to interpret accurately. Solver services, which primarily rely on algorithmic processing, struggle to navigate the nuanced and context-dependent nature of these challenges.

By implementing MatchKey technology, Arkose Labs effectively disrupts the success rate of solver services, as the challenges are tailored to exploit the human advantage over automated bots. This proactive and dynamic approach not only enhances security against automated threats but also creates a user-friendly experience, minimizing friction for legitimate customers while thwarting malicious bot activity.

Are you interested in learning how your business can beat solver bots for good? Talk to an expert today!

The Ideal CAPTCHA: Arkose MatchKey Has Defensibility, Usability & Accessibility
The Ideal CAPTCHA: Arkose MatchKey Has Defensibility, Usability & Accessibility