Researchers at anti-bot specialist Kasada have recently uncovered the use of ‘Solver Service’ bots — an API-as-a-service tool created to bypass the majority of bot management systems.
Having ‘solved’ a bot detection system’s defenses, enterprising cybercriminals can now commercialize the Solver Service they deciphered and sell it for a profit. This means buyers can successfully conduct automated bot attacks without any technical skills, and without having to worry about what bot defenses a site may have in place.
Over the last 12 months, there’s been a more than 750 percent increase in solver bots used for login abuse and account takeover attacks within the eCommerce sector. Solver bots are particularly attractive to fraudsters because they make it possible to get hold of hard-to-come-by items to sell on at a profit, as well as to scrape content, take over accounts, hoard inventory, and commit other forms of automated fraud.
In response, Kasada is launching an enhanced platform that disrupts this growing supply chain of Solver Services, as well as other innovative ways attackers evade detection. The company’s approach to stopping bots adapts as fast as the attackers working against it, in contrast to older reactive bot management systems that rely on static and poorly obfuscated defenses.
“In our industry, providing immediate and long-term efficacy is everything – yet very few solutions protect and regularly change their defenses to stay ahead of attackers’ speed of innovation,” says Jonathon Hope, head of product, Kasada. “Organizations using anti-bot solutions that remain static and don’t disguise their defense methods are hit the hardest by Solver Services. The majority of bot management solutions fail to detect sophisticated bots up to 90 percent of the time. The approach to stopping bad bots must evolve in order to remain effective.”
Techniques used include defense randomization, which makes it hard to automate attacks, and obfuscation methods that make reverse engineering difficult.