Automation is a common talking point throughout boardrooms as businesses strive to increase efficiency by automating processes. Equally, attackers have embraced automation and are creating new types of attacks to reach far and wide with very little effort!

An automated attack is simply when computers do the heavy lifting in finding vulnerable websites to exploit (as opposed to a hacker doing this manually in their basement). Attackers will have a mission to obtain information of sorts and will write specially crafted scripts to conduct criminal activity in order to access this desired information.

An automated script will generally trawl the web looking for random vulnerabilities to exploit, however targeted scripts are becoming ever more common. These targeted, automated attacks are being tailored to gain access to something specific via a victim’s website.

Past victims of automated attacks include organisations which offer reward programs, digital wallets or digital currencies to their consumer. However, it really is any organisation that opens up access to information on the web that can be at risk.

Common targets include any website where a consumer holds an account containing an asset which can be transferred to a cyber-criminal to resell on the black market or be used as ransom to bribe an organisation. This asset can be in many forms such as reward points, store credit, credit cards, gift cards, online gambling credit, stored bank card details, event or travel tickets and any type of personal information.

Every business to consumer brand is at risk of automated attacks and traditional security solutions are failing to address this threat with signature or list based technologies. Detection is the first step in defending your organisation but do you need to be looking at ways to stop and deflect attackers efforts before the damage is done?

In part 2 guest blogger Sam Crowther, founder of security solutions vendor Kasada, talks more about the techniques attackers are using and how reactive detection alone will never be enough. Till then!

http://www.vmtech.com.au/blog/automated-attacks-part-1/