What can googly-eyed robots and CAPTCHAs tell us about cybersecurity?
Cyber-attackers are becoming more sophisticated with bot-based intrusions that bypass barriers. How can your business ensure proper network security?
One of the recent top-trending videos on YouTube features a cybersecurity breach in progress. Watch below to see how easily a determined agent is able to bypass one of the internet’s most common network security measures.
For those who can’t watch the video, it shows a robotic arm using a stylus to solve a CAPTCHA – the familiar “I am not a robot” checkbox found on many websites. While it’s easy to admire that robot with its cheeky and defiant stylus drop, bots slipping past digital barriers present a real risk to network security.
Today, we’ll take a closer look at these security measures and why cyberattackers are trying to circumvent them.
What is a CAPTCHA?
CAPTCHA, which stands for Completely Automated Public Turing Test To Tell Computers and Humans Apart, is immensely popular, with over 270,000 websites using some form of the application in the week ending January 22, 2017, according to statistics from Drupal.
It’s virtually impossible to browse the internet without running into a CAPTCHA – those security checks that ask users to prove they aren’t robots by retyping distorted text, clicking on matching images or performing some other verifying task.
Over 6,000 .com.au websites use reCAPTCHA services.
The CAPTCHA system was developed in 2000 by Luis von Ahn, a computer science graduate student at Carnegie Mellon University, and his advisor, Manuel Blum. Though it has undergone several evolutions since then, its purpose has stayed the same: to block access to software bots while letting humans through.
Australian businesses are big fans of this security measure, especially Google’s iteration – reCAPTCHA. Website profiler BuiltWith found that nearly 6,000 sites with an Australian domain address use reCAPTCHA, making the country the fifth-highest user of the application globally.
Rise of the machines
But why is blocking bots such a high priority in cybersecurity? There are several ways that bots can be used to advance a malicious agenda.
An early use of bots, which CAPTCHA services were employed to combat, was ticket scalping – a practice where scalpers used software bots to purchase massive amounts of tickets online in a short period of time, cutting the supply and enabling those scalpers to resell the tickets at massively inflated prices. By using a CAPTCHA, ticket vendors could prevent these bulk orders and give consumers a more even playing field.
A DDoS attack uses a swarm of bots to overwhelm and shut down a website.
Newer bot-based attacks, on the other hand, are far more sophisticated and potentially damaging to their targets. Take distributed denial of service (DDoS) attacks, for instance. In this tactic, malicious actors use bots to send a flood of requests to a website. Unable to handle that much traffic at the same time, the site goes down.
These attacks are typically used to shut down a site for a certain period of time, or for financial gain – attackers threaten to keep the DDoS attack up until the victim pays them off. A CAPTCHA system can serve to block access requests from bots, acting as a preventative measure against application-layer DDoS attacks; it cannot, however, stop a volumetric flood that saturates the network link before any page is served, so it complements rather than replaces upstream traffic filtering. This is an important consideration for at-risk organisations; Verizon found over 9,600 DDoS attacks last year in its 2016 Data Breach Investigations Report.
The danger of CAPTCHA-dodging malware
For all the good it does in preventing bot access, CAPTCHA is not a catch-all. This was illustrated by a case of malware discovered in apps on the Google Play store.
In 2015, internet security firm Bitdefender reported malware – known as Android.Trojan.MKero.A – attached to apps downloadable from the official Google Play store. This particular trojan is notable for its ability to bypass CAPTCHA checks. Two apps affected by MKero are quite popular, boasting between 100,000 and 500,000 downloads each – representing a staggering number of potentially compromised devices.
#BitdefenderLABS: a sophisticated CAPTCHA-bypassing Android #malware was found in Google Play: http://t.co/WeU6QwZAYS pic.twitter.com/CORHSkJXvt
— Bitdefender (@Bitdefender) September 8, 2015
The MKero trojan works behind the scenes to activate premium subscription services without the device owner’s knowledge. When it encounters a CAPTCHA challenge, the malware automatically forwards the image to an anti-CAPTCHA website – a service that pays individuals to recognise and solve CAPTCHAs for clients. This site returns the CAPTCHA answer within seconds, letting the trojan bypass the security measure and complete the sign-up process.
Sophisticated security for advanced attacks
While the MKero trojan is limited in scope, it represents a real vulnerability for organisations. With the ability to bypass CAPTCHA checks, cybercriminals can employ bots to carry out more damaging attacks on their targets. These can range from phishing and spam to identity theft.
Given this risk, organisations need to take proactive approaches to network security. These include regular maintenance to ensure protective measures can stand up against the ever-evolving field of cyberthreats.
Many organisations do not have the resources to devote to this endeavour, so partnering with a trusted team of experts is a strong alternative. That is the gap Telarus Managed Security has been designed to fill. This service offers sophisticated protection for your network, giving you the peace of mind to operate in an increasingly digital world.
To learn more about Telarus Managed Security, contact us today.