Arkose Labs Adds Advanced Phishing Protection to Its Industry-Leading Bot Management Platform, Arkose Bot Manager

4 min Read
  • Platform Adds Enhanced Features to Deter Attackers, Protect Users, and Minimize Cyber Risk

  • Arkose Named a Leader in Bot Detection and Mitigation by G2 for the Fourth Quarter in a Row

Arkose Labs, the global leader in bot management and account security, today announced that its flagship platform now detects and alerts against “reverse proxy phishing” attack campaigns on customer web sites. Arkose Bot Manager is the evolution of the industry-leading Arkose platform, with phishing protection, CDN integration, and recently announced email intelligence features. Due to consistent platform innovation like this Arkose has again been ranked a leader in Bot Detection and Mitigation in G2’s Spring 2023 report, with 100 percent of users rating the solution with four or five stars.

According to the FBI Internet Crime Complaint Center (IC3), in 2022 phishing attacks were the number one internet crime, costing victims an estimated $52 million. New types of phishing attacks like Adversary-in-the-Middle (AITM) reverse proxy threaten to increase that number dramatically. Readily available tools like EvilProxy are now available to cybercriminals as a service to easily build phishing sites that steal authentication tokens and bypass multi-factor authentication (MFA).

“Cybercrime has moved from individuals lurking in the dark parts of the internet to a global business with a cybercrime-as-a-service model,” said Kevin Gosschalk, CEO of Arkose Labs. “The most effective way to beat a business is to turn the economics against them. We make it impossible to justify the cost of the fight.”

Phishing attacks have evolved, with attackers tempting users to click on malicious URLs versus attachments in 60 to 70 percent of cases. AITM reverse proxy attacks use fake websites designed to emulate legitimate sites such as a bank website. Users are driven to the fake site through a message, and asked to login. The fake site not only replicates the login process, it also includes a reverse-proxy. When a user inputs their username and password, the fake site sends that information to the real banks’ server, which triggers a one-time password (OTP) or PIN. With control of the proxy, the cyberattacker can extract credentials, including the OTP or PIN, and the cookie from the legitimate bank site, allowing them access to the user’s account.

“Phishing isn’t simply about domain block lists or analyzing website contents anymore,” said Ashish Jain, CTO of Arkose Labs. “Those methods might work against unsophisticated attacks, but new phishing attacks require a comprehensive security posture. Arkose Bot Manager beats attackers at their own game by forcing them to integrate Arkose into their fake pages with absolutely no effect on the user experience. With Arkose integrated, we can thwart a phishing attack and give the business data on the attackers—and unlike traditional phishing detection methods, Arkose Phishing Protection is able to detect and block malicious requests in real-time.”

Arkose Bot Manager

Arkose Bot Manager combines transparent detection with dynamic attack response to catch attackers early without disrupting the user experience. Arkose detection aggregates real-time device, network, and behavioral signals to spot hidden signs of bot and human-driven attacks, such as device and location spoofing. Once suspicious signals are detected, Arkose’s proprietary challenge-response technology separates the good users from the bad bots. New Arkose Bot Manager features include:

  • Protection against next-generation phishing attacks, leveraging sophisticated anti-bot defense at login and non-legitimate site detection that provides businesses with visibility into traffic from non-primary domains. Arkose embeds a token in the legitimate web application or SDK. Each request dynamically verifies that the token has passed from the client to the server, causing sessions originating from a phishing website to fail.
  • CDN integrations with major cloud providers and content delivery networks. These easy-to-configure integrations significantly reduce the effort and time to deploy Arkose Bot Manager on critical user flows and provide customers with several architectural options.
  • Email intelligence that stops bots and bad actors from using fake or risky email addresses in attacks on online services and applications.

Arkose Bot Manager is the only bot management solution backed by two separate $1 million warranties. Building on the strength of its existing $1 million warranty against account take-over attacks, Arkose Labs today announced an additional $1 million warranty against SMS toll fraud attacks. Together, these warranties demonstrate the company’s commitment to deliver business impact, confidence, and ROI to its customers.

G2 Report Leader

Arkose Labs has been recognized for its outstanding customer support and product usability. The Spring 2023 G2 Grid® Report for Bot Detection and Mitigation rated Arkose Labs with over 98 percent customer satisfaction in every category. Arkose Bot Manager received the highest ratings among its competitors for Ease of Use, Ease of Setup, Ease of Admin, and Likelihood to Recommend.

Read original article here.

Share Now