Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Billions of Malicious Bots Take to Cipher-Stunting to Hide
#1
Quote:Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting.
 
When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps malicious bot activity masquerade as live human traffic on the web.
 
The idea is to avoid the web client fingerprinting technologies that help security tools and human analysts to differentiate between legitimate clients and impersonators/bots. The latter are often used in credential-stuffing attacks on login pages, for committing ad fraud, automated vulnerability scanning, credential-scraping and more.
 
Website traffic is usually carried out via HTTPS or HTTP over SSL/TLS, the most common encrypted network traffic protocols. Fingerprinting generally maps SSL/TLS handshakes and the information provided during those handshakes by the client, which is presented in the form of a “ClientHello” message. This contains the protocol version, a list of supported cipher suites used and other data. By building a real-time snapshot of the user-agent (client) that’s connecting to a website, defense mechanisms are able to evaluate that user-agent in order to spot suspicious bot activity.

SOURCE: https://threatpost.com/billions-bots-cip...ng/144763/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Billions of Malicious Bots Take to Cipher-Stunting to Hide - by silversurfer - 16 May 19, 12:54

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>