How To Disrupt The Web Attack Lifecycle

The cyber threat landscape has changed. Web attacks that were once separate and distinct have come together in a continuous and integrated cycle of cybercrime. One kind of attack fuels another, propagating and prolonging an attack lifecycle that hits consumers everywhere along their digital journey — and web apps are a prime target.

So, let’s start by looking at what’s driving the changes.

1. Attacker Profiles - Cybercriminals aren’t just computer science students and amateur botters looking to make some extra cash. Cybercrime is an industry made up of savvy professionals that launch sophisticated attacks that can have a material negative impact on your business.
2. Sophistication - Advances in technology have allowed attacks to become increasingly advanced: bots that rotate IP addresses, solve CAPTCHAs and mimic human behaviour; malicious code that loads dynamically to avoid static scanners; and targeted custom malware.
3. Location - Of course attacks still take place on login and checkout pages, but they also occur before and after those checkpoints on nearly all of your website pages. Some attacks even happen on users’ browsers beyond the purview of typical web controls like web application firewalls (WAFs).
4. Value - Today’s online accounts hold more personal data than ever before, including stored credit card numbers, gift card balances and airline miles and personally identifiable information (PII). This means cybercriminals can reap even bigger rewards from a successful cyberattack.

3 Stages of Cybercrime

Modern cyber attacks are continuous and cyclical. One attack feeds another, such as a PII breach on Website A fueling a downstream account takeover attack on Website B. Because of this, a new understanding of the web attack lifecycle is required.

We break down the web attack lifecycle into three stages: theft, validation and fraudulent use.

• Theft: Attackers steal credentials, payment data and other sensitive information via PII harvesting, digital skimming and phishing attacks. This data is then put up for sale on the dark web.
• Validation: Cybercriminals deploy bots to validate stolen credentials and payment information via login and checkout attempts on popular websites. The validated information can be used to commit fraud or sold on the dark web.
• Fraudulent Use: Bad actors use validated credentials and payment data to take over accounts, make fraudulent purchases, create fake accounts, submit fake credit applications and otherwise impersonate someone’s identity. Malware can be distributed by compromised accounts, enabling the theft of even more PII and starting the cycle all over again.

Businesses must enable comprehensive protection at every stage of the user’s digital journey in order to stop the web attack lifecycle. Solutions must include proactive detection and fraud prevention, real-time threat blocking and post-attack insight-gathering to inform future decision making. Stopping real-time bot attacks and client-side threats is critical and necessary, but it’s only one piece of a larger puzzle.

The post "How To Disrupt The Web Attack Lifecycle " was posted on Security Boulevard authored by Kim DeCarlis of Perimeter.