Cequence Security, a provider of innovative application security solutions for today’s hyper-connected enterprises, today announced CQ Prime, a new threat research initiative led by the data science and threat intelligence teams at Cequence. CQ Prime researchers also issued inaugural research findings on Bulletproof Proxies, a relatively unknown infrastructure service increasingly leveraged by bad actors to scale and obfuscate automated bot attacks against public-facing applications.
CQ Prime will focus on delivering qualitative analysis on the four elements that comprise an automated malicious bot attack: infrastructure, tools, credentials and behavior. The CQ Prime mission is to understand the inner workings of these attacks and share the findings with Cequence customers and the security industry to help improve their collective prevention efforts.
The inaugural research report, Bulletproof Proxies: The Evolving Cybercriminal Infrastructure, focuses on a rapidly growing class of infrastructure providers that have taken the concepts of anonymity and availability found in Bulletproof Hosting and extended them to the delivery infrastructure required to launch automated bot attacks against public-facing web, mobile and API-based applications. Bulletproof Proxy providers include millions of globally distributed residential IP addresses in their namespace, market them under the false pretense of being used for legitimate purposes, and compete aggressively against one another for their share of adversarial buyers. Among the key findings in the inaugural research report:
- The least expensive Bulletproof Proxy package allowed the CQ Prime team to send requests through more than 853,000 IPs that were distributed across 218 different countries. Some of the most robust providers advertise networks larger than 32 million IP addresses distributed globally;
- Attacks emanating from Bulletproof Proxy networks targeting Cequence financial services and retail customer environments increased 518 percent and 800 percent, respectively, between Q1 and Q2 2019; and
- More than 70 percent of the attack traffic across Bulletproof Proxy networks targeted mobile endpoints.
“We created CQ Prime to analyze and profile new generations of more sophisticated, advanced cybercriminal attack strategies targeting the web, mobile, and API-based applications that connect and power today’s organizations,” said Will Glazier, head of CQ Prime research at Cequence Security. “The initial focus of CQ Prime will be research on the growing number of malicious, automated bot attacks and the four key components of each unique attack: user credentials, infrastructure, tools, and behaviors. These attacks, which are nearly impossible to detect with legacy security tools, abuse business application logic, enabling bad actors to achieve various fraud and theft objectives.”
“According to a recent study in MIT Technology Review, a distributed botnet of around 30,000 bots can rake in an easy $26,000/mo in revenue for the cybercriminals. Spam advertising with 10,000 bots rakes in approximately $300,000/mo, and bank fraud with 30,000 bots can generate over $18 Mn a month. Being in business as a botmaster is unarguably lucrative, so networks such as these Bulletproof Proxies and the continued investigations that CQ Prime will do in this shadow economy fill a critical gap in the counterintelligence efforts that are so crucial to defenders,” said Alissa Knight, Senior Analyst with Aite Group, an analyst firm in the financial services industry.
The inaugural CQ Prime analysis of automated malicious bot campaigns was conducted across three industry verticals, where Bulletproof Proxies were found to be used extensively as a means of distributing the attacks globally across millions of high-reputation, residential IP addresses (such as routers, refrigerators, IoT devices, garage door motors, and others). We found that the use of these networks is trending upward rapidly, with a 361 percent increase in activity between Q1 and Q2 2019.
“We’re finding easily accessible marketplaces where bad actors can trade tools, techniques, and targets,” explained Glazier. “For example, there is an endless supply of stolen credentials traded like commodities, attack management toolkits as well as access to ‘Bulletproof Proxy’ networks that enable wide-scale distribution of attack traffic and anonymization.”
CQ Prime will go live on August 1st and the team will periodically publish research reports that focus on the four components that bad actors need in order to launch automated bot attacks. Download the report and learn more about CQ Prime at www.cequence.ai/threat-research/.
About Cequence Security
Cequence Security is a venture-backed cybersecurity software company founded in 2015 and based in Sunnyvale, CA. Its mission is to transform application security by consolidating multiple innovative security functions within an open, AI-powered software platform that protects customers’ web, mobile, and API-based applications – and supports today’s cloud-native, container-based application architectures. The company is led by industry veterans who previously held leadership positions at Palo Alto Networks and Symantec. Customers include F500 organizations across multiple vertical markets, and the solution has earned multiple industry accolades, including 2018 Gartner Cool Vendor. Learn more at www.cequence.ai.