The security world is always looking for ways for innovative solutions to solve existing problems. Using artificial intelligence, machine learning, or prevention-first strategies are great ways to improve on solutions that have existed for decades. Once just trendy jargon, artificial intelligence and machine learning enable automation beyond what was previously imaginable, all while preventing attacks before they are successful.
When you need to innovate, you need collaboration.
– Marissa Mayer (Co-Founder of Sunshine Contacts, former CEO of Yahoo)
Such is the case with bot prevention and Magecart protection. As bots become more sophisticated, emulating human behavior more realistically every day, the need for advanced detection and prevention techniques grows. The damage bot attacks can do to an ecommerce website range from Account Takeover (ATO) to interception fraud to dictionary attacks. A blog by DataDome lists the types of fraud bots will perform on an ecommerce site.
Bots need information to perpetrate attacks, and that information is collected from user inputs, maybe even from the same site. A Magecart attack uses foreign code, not bots, to skim information on a site and build a database of credentials, payment cards, PII, or PHI data for sale later on. That data is then used by bots to flood a site and perform those nefarious actions. Drying up the well of information using a real-time Magecart prevention solution is a great collaboration strategy.
Good Bot, Bad Bot
The use of bots on a website does not immediately indicate malicious or harmful behavior. Some bots are beneficial to a site: search engines, marketing, social network, or aggregator bots all benefit a site in one way or another. A search engine bot is so important to a website that many companies employ a company to specifically target these bots with search engine optimization. The placement of an ecommerce site on a search results page significantly reduces revenue (Search Engine Revenue). Other bots work to collect website statistics, monitor user experience, or measure uptime, among others.
Using techniques like click fraud, credential stuffing, or scraping attackers can and will create new headaches for your security, digital, and marketing teams. Targeted attacks using bots can lead to website downtime, loss of revenue, or brand damage.
Bots can be a major threat to businesses and take many forms. As Benjamin Fabre, DataDome Co-founder and CTO says: “The login page for example is the gateway to valuable personal information. Credential stuffing attacks can also significantly slow down a company’s website performance and may even take it down altogether. On the payment funnel, the biggest threat is carding, where bots use stolen card data to identify valid card details or commit card fraud, breaking the trust between the customer and the merchant, companies also end up paying chargebacks for successful carding attacks.”
As these new techniques evolve and even use their own artificial intelligence, they require blue-team based AI and machine learning to detect and protect against.
Information is key
Bot attacks cannot be carried out without the necessary information. Attackers need credentials to test, payment cards to input, or specific account information to bypass security. This information is typically gathered by skimming inputs on a website, also called a Magecart attack, and then adding that information to a database to be sold later. This credential harvesting pays dividends for attackers, especially when 65% of people reuse passwords. All it takes is one successful attack to harvest credentials that can be used on multiple sites throughout the ecommerce ecosystem.
Innovation is necessary
Two solutions, in collaboration with each other, that prevent attacks on both sides is an innovative way to protect visitors and websites. Source Defense offers real-time prevention of magecart attacks and solutions like DataDome’s Bot Protection use AI and ML to protect your site from bot attacks. Both of which can be deployed easily and seamlessly by CDN providers such as Fastly.
More and more, nefarious groups are working together to compromise websites by using different techniques and different attack vectors. Isn’t it time to do the same with your security solutions?
For those attending Black Hat 2021, we welcome you to register for and attend our Top Golf event being held on Wednesday, August 4th.
PCI DSS 4.0 makes client-side security a priority.
Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.
