Tag: Defending Applications

Bots are not new. Attackers have used bots to achieve scalability in a variety of attack techniques for decades, and defenders have been fighting bots, to varying degrees of success, for just as long. However, two events in 2022—the prolonged acquisition of Twitter by Elon Musk, with its attendant discussion about exactly how much of…

In July 2020, the FBI Cyber Division issued Flash Alert AC-000129-TT reporting that malware had been found in the software used to calculate China’s value-added tax (VAT). However, the Chinese State Taxation Administration requires companies to install this particular software to operate within China. Third-party applications are already risky, but here a pre-infected application was…

Neutral/Mixed Intentions

Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services…

During the reconnaissance period there were low levels of automated activity associated with resellers testing and configuring their bots in preparation for the January 11th sale (see Figure 1). Once the sale starts, the sale event period is categorized by a drastic spike in automation against the “add to cart” flow within the first few…

Introduction

The first Chief Information Security Officer, or CISO, was named 29 years ago: After Russian hackers infiltrated financial services giant Citicorp (now Citigroup) in 1995 and stole more than $10 million, the Citigroup Board instructed the company’s CEO to recruit a security executive to improve the company’s digital defenses. That person was Steve Katz,…

Introduction

Identity is one of those bedrock concepts in security that seems simple and intuitive when we use it in our daily lives (“Hi Bob!”), about ourselves (“I’m a chef!”), and in personal (“You’re my friend!”) and intimate (“I love you!”) contexts. Yet when we build or deploy systems that rely on identity — a…

Looking Back

How times have changed! Looking back at our 5 Cybersecurity Predictions for 2023 there was not a single mention of AI. And yet, here we are wrapping up 2023 (pun very much intended) and it seems almost impossible to read a headline in which AI is not somehow involved. While we may have…