Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.

In the evolving landscape of online ticketing and eCommerce, few technological developments have been as controversial as scalper bots. These automated programs, designed to purchase high-demand items faster and more efficiently than humans could, have transformed the way we buy and sell coveted goods online. During this forthcoming blog series, we are going to explore the fascinating evolution of scalper bots. We will trace their origins, developments, and impacts across several distinct eras.

Streaming services are one of the most popular targets for cybercriminals. Using automated bots, attackers steal millions of streaming accounts each month. Adversaries quickly sell these via illegal marketplaces to make massive profits. Although any streaming service is vulnerable to account takeover and credential stuffing attacks, there are additional risks and damages when live event streaming is on offer.

In part one of our “Follow the Crypto” series, we highlighted the growing need for cryptocurrency investigations in the fight against fraud. We discussed the hurdles that investigations face, from the anonymous nature of transactions to the complexity of analyzing blockchain data, but also noted some famous successful investigations.

Business leaders often see security as an insurance policy – a box that CISOs need to tick just in case the organization comes under attack. This make it difficult for InfoSec decision makers to justify the cost of upgrading defenses. After all, we already ticked that box – right? But when it comes to automated attacks, it’s not a matter of “if” bots will target your business. It’s not even a question of “when”.

Nowadays, cryptocurrency is a buzzword in society. It’s mostly seen as a high-risk investment or associated with fast profit-making schemes. Despite this, its adoption has surged in recent years, and according to crypto.com, the number of cryptocurrency holders has now hit 580 million. Unfortunately, not all of them hold it for legitimate reasons. We are at a juncture where criminals have the knowledge, services, and tools to channel their illicit profits through cryptocurrencies.

Netacea is proud to announce that one year on from originally completing SOC 2 Type 2 compliance, we have successfully passed our latest audit. This is an accolade we take pride in as it further demonstrates our ongoing commitment to data security and protecting our customers.

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks include credential cracking to account takeover, to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long seen standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

The use of artificial intelligence (AI) for defense allows for the better scanning of networks for vulnerabilities, automation, and attack detection based on existing datasets. However this is all in defense against an unknown attacker, who can have varying offensive tools all designed to overcome the most sophisticated defense. Is the biggest challenge for defensive AI that there is an offensive AI operator with unknown capabilities? And has offensive AI lowered the barrier of entry for bot attackers?

The definition of Artificial Intelligence (AI) has been thrown around whilst it has risen to the top of the tech agenda over the past couple of years. Security professionals have determined AI to be a risk to businesses, and also an opportunity. But could it also be a way to better defend your network against attacks? For many years, AI and Machine Learning have gone hand in hand; with AI used to better determine defensive decisions and cut down on the human element in more basic functions.