Group-IB, a global threat hunting and intelligence company, today presented Fraud Hunting Platform, its new solution for digital identity protection and fraud prevention. The solution guards 130 million users daily. In H1 2020, Group-IB’s Fraud Hunting Platform shielded banking and eCommerce portals in Europe and Asia from bot activities, malware, and social engineering attacks and saved them roughly $140 million.
Group-IB’s virtual event was dedicated to the issue of protecting people’s digital identities from various threats. In the past 6 months, 3 out of 100 user sessions at banking and eCommerce portals around the world appeared to be fraudulent, according to Group-IB’s data. Malware attacks, social engineering and bot activity are the top 3 threats for users of eCommerce and banking portals, based on the analysis of tens of millions of user sessions around the world over the same period.
To combat these 3 categories of threats, companies deploy a range of scattered security solutions that significantly degrade user experience. Fraud Hunting Platform becomes an integrated solution that will play a key role in protecting users. It is the successor to Group-IB’s Secure Bank/Secure Portal product line, which Group-IB has been developing since 2013.
During the presentation of Fraud Hunting Platform, streamed from the recently opened Europe HQ in Amsterdam, Group-IB also announced the launch of its new module called Preventive Proxy, designed to fight against bad bots disrupting eCommerce, online banking, and government portals. According to Group-IB’s estimates, malicious bots account for around 30% of Internet traffic.
Digital identity’s own ID
Group-IB’s Fraud Hunting Platform analyzes each session and examines user behavior (keystrokes, mouse movements, etc.) in web and mobile channels in real time. Based on user behavioral data and machine learning algorithms, the system creates a unique digital fingerprint for devices and identities. Just like facial recognition authentication, the system correlates and matches user behavior with their devices, which helps distinguish between legitimate actions and malicious activity even if the criminals have gained access to a user’s smartphone or payment information. Using this unique data, the technology called «Global ID» marks devices across all online resources globally where Fraud Hunting Platform is running, which allows fraudsters to be identified at early stages.
Moreover, thanks to the company’s unified ecosystems of Group-IB products, Fraud Hunting Platform uses relevant Threat Intelligence data, which helps detect hidden threats and suspicious connections, speed up investigations, and identify specific individuals involved in incidents. Unlike Secure Bank/Secure Portal, Fraud Hunting Platform is used not only to simply detect and prevent fraud but also to investigate thefts and hunt criminals and their infrastructure.
Group-IB CTO and Head of Threat Hunting Intelligence
Good bad bots
The newly released Preventive Proxy is designed specifically for eCommerce companies and financial organizations offering products and services online. As a module of Fraud Hunting Platform, Preventive Proxy distinguishes «good» bots (for example, those used for automated web app testing) from «bad» bots leveraged by cybercriminals to attack company websites and web and mobile applications in a number of different ways.
Group-IB estimates that legitimate bots account for about 20% of all Internet traffic, while malicious ones make up 30%. The goal of Preventive Proxy is to protect websites, mobile apps and their users against criminals hacking into personal accounts, collecting personal data, scraping website content protected by copyright law, and attacking mobile APIs and using them without authorization.
While there are automated bots that snatch the best deals and win giveaways, there are also smart and dangerous ones that break into online accounts, steal users’ payment and personal data, and abuse APIs while imitating human behavior. The analysis of tens of millions of user sessions in banks and eCommerce portals around the world revealed that Selenium, PhantomJS, and Headless Chrome are the three tools cybercriminals most frequently use in bot attacks to imitate user actions for credential stuffing or brute force purposes. The fact that all three are legitimate tools makes it hard for traditional fraud detection solutions to spot them. Preventive Proxy offers smart protection against all types of bot attacks and can be either deployed in web or mobile app infrastructure or used through Group-IB’s cloud.
«Smart» bot protection also uses behavioral analysis algorithms to detect malicious bot activity. Preventive Proxy examines user behavior to assess whether a human being or a bot is performing a given action in the network. In addition, the solution collects browser, app, and device parameters, preventing the real user session from being re-used by malicious bots. Preventive Proxy does not block requests from trusted sources or legitimate bots.
Group-IB reports that up to 60% of bad bot activity is attributed to credential stuffing (attacks leveraging stolen credentials). The share of web scraping attacks (i.e. using bots to extract content and data from website pages) is 30%. The remaining 10% covers other types of fraud involving bots.