Group-IB safeguards digital identity with Fraud Protection (ex. Fraud Hunting Platform)

Group-IB, a global threat hunting and intelligence company, today presented its new solution for digital identity protection and fraud prevention – Fraud Protection (ex. Fraud Hunting Platform). The solution guards 130 million users daily. In H1 2020, Group-IB’s Fraud Protection shielded banking and eCommerce portals in Europe and Asia from bot activities, malware, and social engineering attacks and saved them roughly $140 million.

Group-IB’s virtual event was dedicated to the issue of protecting people’s digital identities from various threats. In the past 6 months, 3 out of 100 user sessions at banking and eCommerce portals around the world appeared to be fraudulent, according to Group-IB’s data. Malware attacks, social engineering and bot activity are the top 3 threats for users of eCommerce and banking portals, based on the analysis of tens of millions of user sessions around the world over the same period.

To combat these 3 categories of threats, companies deploy a range of scattered security solutions that significantly degrade user experience. Fraud Hunting Platform becomes an integrated solution that will play a key role in protecting users. It is the successor to Group-IB’s Secure Bank/Secure Portal product line, which Group-IB has been developing since 2013.

During the presentation of the Fraud Protection platform, streamed from the recently opened Europe HQ in Amsterdam, Group-IB also announced the launch of its new module called Preventive Proxy, designed to fight bad bots disrupting eCommerce, online banking, and government portals. According to Group-IB’s estimates, malicious bots account for around 30% of Internet traffic.

Digital identity’s own ID

Group-IB’s Fraud Protection platform analyzes each session and examines user behavior (keystrokes, mouse movements, etc.) in web and mobile channels in real time. Based on user behavioral data and machine learning algorithms, the system creates a unique digital fingerprint for devices and identities. Much like facial recognition authentication, the system correlates and matches user behavior with their devices, which helps distinguish between legitimate actions and malicious activity even if the criminals have gained access to a user’s smartphone or payment information. Using these unique data, the technology called «Global ID» marks devices across all online resources globally where Fraud Hunting Platform is running, which makes it possible to identify fraudsters at early stages.

Moreover, thanks to the company’s unified ecosystem of Group-IB products, Fraud Protection uses relevant Threat Intelligence data, which helps detect hidden threats and suspicious connections, speed up investigations, and identify specific individuals involved in incidents. Unlike Secure Bank/Secure Portal, Fraud Hunting Platform is used not only to detect and prevent fraud but also to investigate thefts and hunt criminals and their infrastructure.

We are delighted to introduce Fraud Protection to the market. The solution operates in a high-load mode, protecting 130 million users of web resources and mobile apps while blocking related malicious activity. The new system evolved from Group-IB’s range of online fraud protection products. It is high-performance and easy to integrate, and it uses patented technologies to detect attacks at early stages. Fraud Protection platform’s global mission is to protect user digital identity while hunting for threats and the adversaries behind them.

Dmitry Volkov

Group-IB CTO and Head of Threat Hunting Intelligence

Good bad bots

The newly released Preventive Proxy is designed specifically for eCommerce companies and financial organizations offering products and services online. As a module of Fraud Hunting Platform, Preventive Proxy distinguishes «good» bots (for example, those used for automated web app testing) from «bad» bots leveraged by cybercriminals to attack company websites and web and mobile applications in a number of different ways.

Group-IB estimates that legitimate bots account for about 20% of all Internet traffic, while malicious ones make up 30%. The goal of Preventive Proxy is to protect websites, mobile apps and their users against criminals hacking into personal accounts, collecting personal data, scraping website content protected by copyright law, and attacking mobile APIs and using them without authorization.

While there are automated bots that snatch the best deals and win giveaways, there are also smart and dangerous ones that break into online accounts, steal users’ payment and personal data, and abuse APIs while imitating human behavior. The analysis of tens of millions of user sessions in banks and eCommerce portals around the world revealed that Selenium, PhantomJS, and Headless Chrome are the three tools cybercriminals most frequently use in bot attacks to imitate user actions for credential stuffing or brute force purposes. The fact that all three are legitimate instruments makes it hard for traditional fraud detection solutions to spot them. Preventive Proxy offers smart protection against all types of bot attacks and can be either deployed in web or mobile app infrastructure or used through Group-IB’s cloud.

«Smart» bot protection also uses behavioral analysis algorithms to detect malicious bot activity. Preventive Proxy examines user behavior to assess whether a human being or a bot is performing a given action in the network. In addition, the solution collects browser, app, and device parameters, preventing the real user session from being re-used by malicious bots. Preventive Proxy does not block requests from trusted sources or legitimate bots.

Group-IB reports that up to 60% of bad bot activity is attributed to credential stuffing (attacks leveraging stolen credentials). The share of web scraping attacks (i.e. using bots to extract content and data from website pages) is 30%. The remaining 10% covers other types of fraud involving bots.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.