Group-IB protects “digital personality” by using Fraud Hunting PlatformЕкатерина Alexandrov | 30.10.2020
Group-IB presented a new comprehensive system for anti-fraud Fraud Hunting Platform.
With it for the first 6 months of this year managed to prevent the damage in the amount of 320 million rubles in five major Russian banks. Hunting Fraud Platform protects every day 130 million users.
Also presented is a new product Preventive Proxy. It was created in response to the growing problem of malicious bots that attack the market of e-Commerce and online banking. According to Group-IB, on
malicious bots account for approximately 30% of the Internet traffic. The most common of these bots are used to guess passwords using previously stolen credentials. Their share
is about 60%.
The main role in the protection now performs complex system of Group-IB Fraud Hunting Platform. She became the successor to the product line of Bank SecureSecure Portal that Group-IB has developed since 2013
having won a grant from SKOLKOVO Foundation for the development of innovative protection against online fraud.
Digital identity with your ID
Real-time Group-IB Fraud Hunting Platform analyses
each session and the user’s behavior as a web resource and mobile app. Based on behavioral analysis and machine learning algorithms, the system creates a unique digital
fingerprint devices “connects” with them for user accounts, allowing more accurately to distinguish his actions from the actions of fraudsters, even if they, for example, took control of its mobile
phone or billing information. This technology is called Global ID, the global user identification.
This unified information environment for all the products of Group-IB allows the system to Fraud Hunting Platform to use the unique data Threat Intelligence, which gives the opportunity to reveal the hidden
threats and suspicious when, to use this information when investigating and “hunt” for intruders, leaving the involved in the incident entities.
“We have brought to the Russian market system Fraud Hunting Platform capable of operating in high load mode, processing tens of millions of requests to Internet resources and mobile applications
at the same time blocks the harmful activity, — says Pavel Krylov, head of the direction for combating online fraud Group-IB company. The new system can be called
the evolutionary development of product families, Group-IB to protect against online fraud: it high-performance, easy integration and uses patented technology to detect the attack before it
implementation. Global mission Platform Fraud Hunting – hunting is not only for threats but also for the criminals who are behind these attacks.”
“Bad” bot will not work
Preventive Proxy designed specifically for companies
working in the field of online trading, as well as “classic” businesses that sell products and services via the Internet. The inclusion of Preventive Proxy part Fraud Hunting Platform allows
to recognize a “good” bots (e.g., search engines Yandex, Google) and malware, which attackers carry out various attacks on websites, web and mobile applications companies.
According to Group-IB, in the legitimate bots account for about 20% of all Internet traffic to malicious – about 30%. Task Preventive Proxy — comprehensive protection for web sites, mobile applications and their
users from hacking accounts, the collection of personal information from personal accounts, illegal copying of copyright content from sites “attacks” on the mobile API and its
Preventive Proxy can be embedded in the infrastructure of the web or mobile app, and use it through the cloud Group-IB. “Smart” protection from bots also applies behavioral analysis to
identify malicious bot activity. Preventive Proxy, for example, explores the behavior of the user to assess who performs certain actions on the network – a human or a bot. In addition, the solution
collects browser settings, applications and devices, protecting the real user session from the repeated use of “bad” bots. While Preventive Proxy is not blocking requests from
trusted sources or legitimate bots.
Potatopak: diversity of species
“Bad” bots enabled the international research Agency Forrester in the top 5 of major cyber threats in 2020. In Group-IB estimated that up to 60% of the activity of “bad” bots accounted for Credential
stuffing (attacks using stolen credentials). The share of the scraping (from the English. “scraping”, the technology of obtaining web data by extracting them from the pages of web resources) — is 30%. More
10% are the other types of fraud.
After analyzing the types of malicious bots, experts Group-IB concluded that in 80% of cases, such as Credential stuffing, cyber criminals are using shell-bots that make direct
access to the server from the console. In scraping attacks (20%) involved web-bots is more intelligent bots, which usually uses headless browsers. This scanner
the vulnerabilities of skrapari, spammers, bots for auto, purchases goods. The third category of malicious bots (less than 1%), emulate the behavior of a person, for example, for authorization and verification of accounts
information security, cyber security, tools