It’s not just people doing the work of cybercriminals, but also automated attacks, as bots from within the country look for ways to steal your information.
By now, you’re probably aware of just how big a deal security is online, and with every attack, every flaw, and every instance that someone has lost money, data, or their identity to the dark recesses of the web, it can hit a little closer to home.
Security issues can affect everyone, and while security software can help safeguard our presence online as individuals, education is still critical, and businesses may need to look to a greater understanding to prevent their archives of information from being opened up by the wrong people.
Your information is often protected by these businesses, and when you shop at one or leave your details, you entrust that website to keep them guarded. Most will, at least until a breach, and while breaches can occur at the hands of someone with some handy skills, these days, it might actually be something far more automated doing the breaking and entering to get at that information.
Australian security organisation Kasada has been researching this, and in a recent report has found that many of the attacks occurring on websites are coming from lines of code that run as automated bots, engineered to look like a human and trick the website into thinking they are real traffic and not something far less than authentic.
“As many aspects of our lives are global – and much of our information now lives online – this shift places tremendous emphasis on businesses to protect and defend against potential threats,” said Sam Crowther, CEO of Kasada.
The shift Crowther talks of is that of bots attacking websites, swarming a website as if they were users, slowing it down and looking for ways to help a cybercriminal break in, who can then take that information and customer data.
Stolen information can lead to other attacks later down the track, such as using it to phish for more information (much like those scam emails you’re probably used to seeing) or just plain credential abuse in brute-force hacking, whereby someone tries to push their way into your account by guessing a password.
Criminals do this because that information is worth money, and whether that’s acquired by selling the information on the black market or ransoming it back to you, cybercrime can be incredibly lucrative for those involved in the underbelly.
Interestingly, though, Kasada’s study has found that many of these attacks are coming from within Australia, with international criminals using local networks to throw website owners off the scent. Localised bots disguised as real web users imply legitimacy, and according to Kasada, a good portion of the country’s leading 250 websites can’t see the difference between a bot and a regular web user.
Those findings showed that credential abuse attacks were coming from Australia, with 90 percent of those sites failing to prevent a bot from trying to gain access using the opening stages of brute-force tactics in credential abuse. While some attacks may have been picked up as they were happening, that wasn’t the case for all sites, with Kasada’s report “Bots Down Under” detailing that the attacks were “lasting days of weeks before being detected”.
“Bots Down Under is designed to educate Aussie businesses on the local threat landscape distinct to Australia,” said Crowther.
“Attacks, particularly credential abuse, have the capacity to comprise everything from a customer’s personal information to business, and even national, security,” he said.