Tag Archive for: “bot”

Global bot security market to reach US$2.5 billion by 2032

/in


The bot security market is expected to reach US$2.5 billion by 2032, up from US$487 million in 2022, according to a new report.. The market is expected to advance at a CAGR of 17.6% throughout the forecast period.

The rise in bad bot traffic, rising sophistication of botnet assaults and loss of revenue for firms, traffic shift from mobile to web, and explosion in the use of APIs across businesses such as eCommerce, travel, gaming, and others are all major driving reasons for the bot security market.

As per the global bot security market study by FMI, increasing botnet sophistication, a shift in traffic from mobile to web, rising awareness about data privacy, and a surge in API usage across a variety of industries, including retail and e-commerce, travel and hospitality, and telecom, are expected to drive bot security market growth over the forecast period.

Botnet security solutions and services are widely used in the media and entertainment business to detect and mitigate advertising-related vulnerabilities. This reason is expected to drive the bot security industry forward.

In several regions of the world, a trend of ideological and state-driven attacks targeting persons or organisations to support a political cause or carry out a cyber-warfare campaign is being noted, with organisations finding it difficult to combat these attacks. Botnet attacks, according to industry analysts, may be carried out across multiple organisations around the world employing such approaches.

This figure is likely to grow significantly in the next years due to increased internet penetration. In industrialised economies, such as the United States, Australia, South Korea, and Japan, smartphone ownership is substantially greater. Smartphones are being used for a variety of tasks, including internet shopping, social media apps, and product research.

As a result, web traffic is shifting from desktop to mobile, making botnet attacks a profitable target. Because of these worrying figures, bot security firms are focusing more on mobile security. As a result, bot security suppliers are projected to benefit from the shift in online traffic to mobile.

In numerous regions of the world, the rise of…

Source…

Aniview Renews Partnership with HUMAN to Continue Safeguarding Its Video Ad Platform From Sophisticated Bot Attacks

/in


NEW YORK–()–Aniview (https://www.aniview.com/), a global video technology company playing a central role in delivering digital advertising for publishers, and HUMAN (https://www.humansecurity.com/) Security Inc., a global leader in collective protection against sophisticated bot attacks and fraud, renew their partnership to help Aniview protect its customers’ inventory from sophisticated automated cybersecurity risks. This further strengthens the two companies’ partnership, empowering publishers and advertising networks on the Aniview platform continued access to HUMAN’s MediaGuard advertising fraud product.

Twenty-twenty-one was a tumultuous year (https://www.securitymagazine.com/articles/96496-ddos-attacks-and-botnets-in-2021-mozi-takedowns-and-high-frequency-attacks-reshape-the-threat-landscape) for botnet attacks, with PARETO (https://www.humansecurity.com/newsroom/human-formerly-white-ops-together-with-newly-formed-human-collective-and-industry-leaders-google-roku-announces-discovery-and-disruption-of-pareto-ctv-botnet), a highly sophisticated fraud operation, amassing an army of nearly one million bots to target CTV ad-ecosystems via mobile apps. The botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day. PARETO used sophisticated techniques to hide its identity across the ecosystem, but was ultimately discovered and disrupted by HUMAN and the Human Collective in April 2021.

By renewing its partnership with HUMAN, Aniview is able to successfully identify and further eliminate threats of this nature from within its platform. The successful exposure of PARETO was enabled by Aniview’s dedicated approach to implementing HUMAN’s guidance, including adopting all industry anti-fraud standards across their platform and installing a dedicated quality leader. It has also better prepared Aniview and its customers for further cybersecurity challenges for the road ahead, placing it on stronger footing for the next generation of ad fraud attacks from bad actors.

“We’re incredibly pleased to continue our successful relationship with HUMAN,” says Alon…

Source…

Bot malware uncovered using gaming applications on Microsoft store

/in


Check Point Research has revealed a new malware Electron-bot that is actively being distributed through Microsoft’s official store. 

With more than 5000 machines already affected in 20 countries so far, the malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and Sound Cloud. The malware can register new accounts, log in, comment on and “like” other posts. 

CPR urges users to immediately delete applications from a number of publishers.

Dubbed Electron-bot by CPR, the malware’s full capabilities include SEO poisoning, an attack method in which cybercriminals create malicious websites and use search engine optimisation tactics to make them show up prominently in search results. This method is also used as a sell as a service to promote other websites ranking.

The malware also utilises Ad Clicker, a computer infection that runs in the background and constantly connects to remote websites to generate ‘clicks’ for advertisement, hence profiting financially by the amount of times an advertisement is clicked.

It can promote social media accounts, such as YouTube and SoundCloud to direct traffic to specific content and increase views and ad clicking to generate profits, as well as promote online products, to generate profits with ad clicking or increase store rating for higher sales.

 

In addition, as Electron-bot’s payload is dynamically loaded, the attackers can use the installed malware as a backdoor in order to gain full control on the victim’s machine.

“This research analysed a new malware called Electron-bot that has attacked more than 5000 victims globally,” says Daniel Alima, Malware Analyst at Check Point Research.

“Electron-bot is downloaded and easily spread from the official Microsoft store platform. The Electron framework provides Electron apps with access to all of the computer resources, including GPU computing. 

“As the bot’s payload is loaded dynamically at every run time, the attackers can modify the code and change the bots behaviour to high risk,” he says. 

“For example, they can initialise another second stage and drop a new malware such as ransomware or a RAT. All of this can…

Source…

Privacy vs. Security: Is Your Bot Mitigation Solution Effective in the Wake of Web Privacy Trends?

/in


Bad Bots Disguise as Humans to Bypass Detection

Bot mitigation providers place significant emphasis on stopping bots with the highest degree of accuracy. After all, it only takes a small number of bad bots to get through your defenses to wreak havoc on your online businesses. One challenge of stopping bad bots is keeping false positives to a minimum (where a human is incorrectly categorized as a bot).

The more aggressively rules are tuned within a bot mitigation solution, the more susceptible the solution becomes to false positives because it needs to decide whether to grant requests for indeterminate risk scores. As a result, real users are inadvertently blocked from websites and/or being served CAPTCHAs to validate they are indeed humans. This inevitably creates a poor user experience and lowers online conversions.

Much of the ongoing innovation in modern bot mitigation solutions has been a reaction to increasing sophistication of the adversary. The fact that bad bots increasingly look like humans and act like humans in an attempt to evade detection makes it more difficult to rely on rules, behaviors, and risk scores for decisioning – making false positives more pronounced.

Humans Now Disguising Themselves for Privacy

A more recent trend is exacerbating false positives, and without proper innovation, it renders legacy rule and risk-score dependent bot mitigation solutions inadequate. It results from the accelerating trends related to humans taking action towards more privacy on the Internet. Ironically, the move towards more privacy on the web can actually compromise security by making it even more difficult to distinguish between humans and bots. 

To understand why it’s essential to know how the majority of bot detection techniques work. They rely heavily on device fingerprinting to analyze device attributes and bad behavior. Device fingerprinting is performed client-side and collects information such as IP address, user agent header, advanced device attributes (e.g. hardware imperfections), and cookie identifiers. Over the years, the information collected from the device fingerprint has become a major determinant for analytics engines used to whether the request is bot…

Source…