IT NewsMarket newsSecurity
Ekaterina Alexandrova | 10/30/2020
Group-IB has unveiled the new Fraud Hunting Platform, a comprehensive anti-fraud system.
With its help, in the first 6 months of this year, it was possible to prevent damage in the amount of 320 million rubles. in five large Russian banks. Fraud Hunting Platform protects 130 million users daily.
A new product, Preventive Proxy, is also introduced. It was created in response to the growing problem of malicious bots attacking the e-commerce and online banking market. According to Group-IB, on
malicious bots account for about 30% of internet traffic. The most common of them, however, are bots used to guess passwords using previously stolen credentials. Their share
is about 60%.
The comprehensive Group-IB Fraud Hunting Platform now plays a major role in protection. It became the successor to the Secure Bank Secure Portal product line, which Group-IB has been developing since 2013,
having won a grant from the Skolkovo Foundation for the innovative development of a means of protection against online fraud.
Digital identity with your ID
Real-time Group-IB Fraud Hunting Platform analyzes
every session and user behavior both on the web resource and in the mobile application. Based on behavioral analysis and machine learning algorithms, the system creates a unique digital
the fingerprint of the devices, “connects” the user and his accounts with them, which makes it possible to more accurately distinguish his actions from the actions of fraudsters, even if they, for example, took possession of his mobile
phone or payment information. This technology is called Global ID – global user identification.
At the same time, a single information environment for all Group-IB products allows the Fraud Hunting Platform system to use unique Threat Intelligence data, which makes it possible to identify hidden
threats and suspicious connections, use this information in the investigation, as well as “hunt” for intruders, reaching out to the persons involved in the incident.
“We have introduced the Fraud Hunting Platform system to the Russian market, which is capable of operating in a high-load mode, processing tens of millions of requests for Internet resources and mobile applications.
simultaneously blocking malicious activity on them, – says Pavel Krylov, head of online fraud prevention at Group-IB. – The new system can be called
an evolutionary evolution of the Group-IB family of online fraud protection products: it is high performance, easy to integrate and uses proprietary attack detection technologies before
implementation. The global mission of the Fraud Hunting Platform is to hunt not only the threats, but also the attackers behind these attacks. ”
A “bad” bot will not work
Preventive Proxy created specifically for companies
working in the field of online commerce, as well as the “classic” business selling products and services over the Internet. The inclusion of Preventive Proxy in the Fraud Hunting Platform makes it possible
recognize “good” bots (for example, search engines Yandex, Google) and malicious ones, with the help of which cybercriminals carry out various attacks on companies’ websites, web and mobile applications.
According to Group-IB, legal bots account for about 20% of all Internet traffic, and malicious ones – about 30%. The task of Preventive Proxy is to provide comprehensive protection of websites, mobile applications and their
users from hacking accounts, collecting personal information from personal accounts, illegal copying of copyright content from sites, “attacks” on the mobile API and its
Preventive Proxy can be deployed in a web or mobile application infrastructure, or used through the Group-IB cloud. Smart bot protection also uses behavioral analysis to
detecting malicious bot activity. Preventive Proxy, for example, examines user behavior in order to assess who is performing certain actions on the network – a person or a bot. Also, the solution
collects browser, application and device parameters, protecting the real user session from being reused by “bad” bots. At the same time, Preventive Proxy does not block requests from
trusted sources or legal bots.
Botosoo: variety of species
“Bad” bots are included in the top 5 major cyber threats in 2020 by the international analytical agency Forrester. Group-IB has calculated that up to 60% of the activity of “bad” bots falls on Credential
stuffing (attacks using stolen credentials). The share of scraping (from the English “scraping”, a technology for obtaining web data by extracting them from web resource pages) is 30%. More
10% falls on other types of fraud.
Having analyzed the types of malicious bots, Group-IB experts came to the conclusion that in 80% of cases, for example, in Credential stuffing, cybercriminals use shell bots that make direct
accessing the server from the console. Scraping attacks (20%) involve web bots; these are more intelligent bots, for which, as a rule, headless browsers are used. These are scanners
vulnerabilities, scrapers, spammers, bots for auto orders, purchase of goods. The third category of malicious bots (less than 1%) emulate human behavior, for example, to authorize and verify accounts
information security, cybersecurity, tools