Account takeovers, fraudsters, booters, scrapers and how to find them

Account takeovers (ATOs) are a major and growing threat that compromise user accounts through unauthorised access, leading to fraud and data theft. In Australia, this threat is especially relevant due to the high digital engagement of businesses and consumers. Presenters Adam Cassar and Daniel D’Alessandro, with strong backgrounds in internet security and performance, discuss the current landscape of ATOs and related security challenges such as credential stuffing, brute force attacks, and the use of bots in fraudulent activities.

ATOs in Australia have been rising sharply, with a reported increase of 354% year-over-year. These attacks cause direct financial losses and damage the reputation of affected firms. Seventy-three percent of consumers believe that the responsibility for preventing such attacks rests with the brand. The financial impact is substantial, costing businesses on average 3.51 times the lost transaction value, a burden that is even greater for financial institutions.

The presentation highlighted methods used by fraudsters, such as credential stuffing and brute force attacks. Credential stuffing involves automated attempts to log into websites using stolen account details, while brute force attacks systematically check possible passwords until the correct one is found. These techniques show the importance of robust security measures to prevent unauthorised access.

Another significant threat comes from bots, including scrapers and booters. Scrapers automate the extraction of data from websites without permission, often targeting sensitive or competitive information. Booters facilitate Distributed Denial of Service (DDoS) attacks, which flood websites with excessive traffic to disrupt operations. These bots not only compromise security but also infringe on intellectual property and can lead to legal complications.

Adam and Daniel discussed several advanced techniques used by attackers, such as the use of residential proxies and sophisticated bots capable of mimicking human behaviour. These methods enable attackers to bypass conventional security measures, making detection and mitigation more challenging. For instance, residential proxies disguise malicious traffic as legitimate by routing it through actual residential IP addresses, complicating the task of distinguishing between genuine and malicious requests.

To counter these threats, they presented a range of defensive strategies that companies can employ. These include network fingerprinting, which involves analysing network packets to identify and block suspicious devices; behavioural analysis to detect patterns typical of automated tools; and advanced proxy detection techniques. They also emphasised the importance of rate limiting, API security, and implementing more sophisticated measures like device fingerprinting and session fixation prevention.

Adam and Daniel’s insights are crucial for Australian businesses facing these security threats. By understanding the nature of these attacks and adopting a layered security approach, organisations can better protect themselves and their users from the significant repercussions of account takeovers and related cybercrimes. Their call to action for businesses is to prioritise these security challenges, adapting swiftly to the evolving tactics of fraudsters to safeguard their digital environments.