Image by Shutterstock
There’s been an uptick in stolen accounts as criminals increasingly rely on a tool that bypasses most bot management systems.
Threat actors found a way to “solve” a bot detection system’s defense and are now selling these so-called solver bots for profit. As a result, there’s a significant uptick in stolen accounts.
For example, one website in particular currently has a total of 55,000 cracked accounts for sale. There’s been a 230% increase in stolen accounts in the top 4 countries (US, UK, Germany, and Sweden) year over year.
How does it work?
Solver bots are API-as-a-Service tools created by threat actors to bypass bot management systems. Once a criminal figures out how to bypass the system, that technique becomes very valuable.
“Instead of selling the technique or code to other bad actors for profit, the original “Solver” of the bypass creates a cloud service that other bad actors can subscribe to, and the original “solver” will do the bypass for all subscribers,” Sam Crowther, CEO of bot mitigation firm Kasada, told Cybernews.
This trend causes security teams a headache – once a criminal solves a defense, they sell it at scale for a profit. According to Crowther, threat actors with little or no technical skills can now conduct automated bot attacks without having to worry about what bot defenses a site may have in place.
“We should be concerned because if there’s a market for people to pay for the skills to bypass these tools, these services will always exist. And more often than not, it’s much cheaper for people to beat anti-fraud and anti-bot solutions than for companies to use and maintain them,” he added.
Solver services pose a vulnerability for organizations, but, unlike with a typical flaw where teams rush to patch it, vendors, according to Crowther, “aren’t doing anything to their software to defend against these services.”
In the past 12 months, Kasada has observed over a 750% increase in solver bots used for log-in abuse/account takeover within e-commerce.
Solver bots make up more than 95% of eCommerce bot traffic, up from 10% just a year ago.
“There’s an increase in solver bots purely because the more that anti-bot and anti-fraud companies grow, the more of a market there is. The impact of the success of the anti-bot industry is that it has inherently created solver bots and solver services,” he said.
As a result, there’s been an uptick in stolen accounts. On one website alone, there are 55,000 stolen accounts for sale. In the US, there’s been a 250% increase in stolen accounts (over 30,000 compared to 8,400 a year ago). And that’s only what we can tell by looking at the data from one source.
Crowther believes that the majority of bot management solutions aren’t strong enough and therefore can be easily bypassed by solver bots.
“No one in the industry is talking about it, so vendors may or may not be aware. Either way, I don’t think people realize the extent of the problem. The same problem set doesn’t really exist in other areas of cybersecurity where adversaries are selling easy-to-use software to circumvent the solutions,” he said.