SBN

Elon, Bots, and Rampant Fraud on the Web

Elon, Bots, and Rampant Fraud on the Web

Elon Musk recently highlighted a big problem with Twitter: bots. We all know bots have been a significant problem on Social Media platforms. What makes bots so bad? Aside from the well-known issue of fake comments creating social toxicity and polarity, bots are also responsible for running financial scams on social media platforms. Examples include "Elon giving away free bitcoins" and "Free Airdrop,” fake ads on social media platforms and links to phishing sites, and executive impersonation on social media platforms.

These scams cause real financial damage even to sophisticated users of social media platforms, and in turn, they impact business brands and reputation. Not only do these businesses lose top-line revenue, but they also lose customer trust forever. If fraudulent activities by bots can jeopardize acquisitions and public market valuations, then we have a bigger problem than we imagined.

Unfortunately, even one of the best-maintained platforms and my favorite social media platform, LinkedIn, is now getting impacted by these bots at scale. In a recent article by Brian Krebs, Brian highlights a glut of fake CISO profiles on LinkedIn, leading to an identity crisis leading to breaches.

Does this mean Social Media teams are not doing what they need to keep their platforms safe? That is actually not true. I know many friends who work in security and fraud teams at multiple social media companies. They are the most innovative and hardest-working people you will find who are committed to fighting bad actors. For example, the security teams at LinkedIn are one of the best and have done a phenomenal job keeping LinkedIn safe.

On top of that, all social media companies spend millions of dollars fighting bots and bad actors. Yet, the bad actors can get through the defenses quickly and impact users and businesses. This is because bad actors have massive amounts of automation, and the cost to run these automated bots is at an all-time low with the public cloud infrastructure, and costs will continue to go down.

These bots are also targeted at enterprises and SMBs on multiple fronts. Such as

1.       DDOS Attacks

2.       Vulnerability Scanning

3.       Credential Stuffing & credit card chargebacks

4.       Scraping websites for embedded secrets

5.       Typosquatting and look-alike domain registrations of businesses and then using typo squat domains to create phishing and scams sites

6.       They are setting up phishing sites at scale, harvesting victims' credentials, and then selling on the dark web. Security teams spend hundreds of thousands of dollars on Threat intelligence feeds to get alerted about these scams; however, they rarely can prove ROI on their investments.

7.       Fake ads, posts, and executive impersonations on social media platforms, search engines, and mobile app stores.

8.       Breach data, stolen credit cards and hacker chatter on Darkweb

While we have reasonable solutions for the first four security and fraud problems, the last four issues, categorized as "Digital Risk Protection," are solved manually via threat intelligence and humans. Unfortunately, legacy solutions in the market rely on massive amounts of stale threat intelligence, which is often manually reviewed by human analysts to find a needle in a haystack and then take action.

Security teams at businesses have severe limitations with the vendor options they have in the market. Some of the significant challenges that they deal with are:

1.       Large enterprises often buy multiple threat intel feeds to solve the above problems, but then they have to spend substantial human resources to operationalize that threat intelligence. Even then, they can only solve for detection. They need a separate team or external resources to issue takedowns on hosting providers and social media platforms.

2.       Threat intelligence feeds do not provide continuous monitoring. Instead, it is just a point-in-time signal that security analysts have to analyze and interpret, then create tickets for other team members to take action.

3.       It takes a long time to demonstrate value and show ROI to their executive and finance teams.

4.       Most of the legacy solutions in Digital Risk Protection spaces have a complex user interface. They are just ticketing systems where security teams of businesses open tickets to detect bad stuff from massive alerts generated by threat intel feeds and actions.

5.       The Digital Risk protection market is highly fragmented. Therefore, there is no solution to cover the entire journey from domain registration to open web, social media platforms, marketplaces, app stores, and dark web. Unfortunately, this leads to security teams and CISOs having to spend significant amounts of time finding multiple vendors to solve related problems and spending more money than needed.

My co-founder Shashi Prakash and I spent a significant amount of our early career writing signatures for detecting vulnerabilities, phishing, malware, and spam. However, after writing signature after signature, we realized that it was not scalable and that we would never win the fight. It led to utilizing deep learning and computer vision to solve these problems and create Bolster. From day one of Bolster, our goal was to build security products that are

1.       Easy to use and deploy

2.       Swift time to value

3.       Provide the highest ROI by utilizing automation and deep learning

4.       Best customer experience

5.  Automated and scalable through AI

At Bolster, we have built a platform that covers the entire journey from domain registration to protection on the Open web, social media, marketplaces, mobile app stores, and dark web. The Bolster platform automates the detection, continuous monitoring, and remediation across multiple vectors. I am delighted to share that this has led to rapid adoption by our customers. Despite the market conditions, we have grown our customer base by over 3X YOY. As this problem is increasing at an unprecedented rate, we are seeing significant inbound requests from businesses looking to address this problem. To keep up, we have to grow our team, and I am delighted to share that we have raised a new round of investment.

Today we announced $15 million in funding from an incredible group of investors and entrepreneurs who have built companies like Zscaler from the ground up. I am incredibly proud of the Bolster team's work. In addition, I couldn't be more thankful to our customers, family members, investors, advisors, and partners, who have provided us with unwavering support from the beginning.

I am more excited than ever to address this massive problem. At Bolster, we are committed to our mission of "Building the most automated and easy-to-use products to combat digital fraud and make the Internet safe for everyone."


To learn more about how we can help protect your customers and employees, request a demo to see our AI-powered platform in action.

*** This is a Security Bloggers Network syndicated blog from Bolster Blog authored by Abhishek Dubey. Read the original post at: https://bolster.ai/blog/elon-bots-and-rampant-fraud-on-the-web/