With so many security projects and initiatives taking place across Australia and New Zealand, being chosen as the best security initiative of the year is strong recognition of a year's work. Kasada was rewarded for its work on thwarting bot attacks at the 2017 AusCERT conference. Sam Crowther, the founder of Kasada, said: “The award really confirms the strength of our roadmap and the unique approach we’re taking to address these specific bot threats that we’re seeing”.

While botnets aren’t new, Crowther says the less recognised aspect of these attacks is how they can be used to attack specific parts of applications. Many people associate botnets with DDoS attacks, but bots can also be used to target individual application functions rather than entire servers or platforms. This is what drove Crowther to found Kasada and create Polyform.

“Let’s take one customer we have, who has a log-in page. What some attackers will do is use a tool to get millions and millions of stolen usernames and passwords and millions of proxy networks around the world to perform automated log-in attempts on many websites using these stolen credentials. Because we re-use usernames and passwords across different services, in some cases they are having up to a 2% success rate on these stolen credentials,” said Crowther.

With these threat actors using as many as 16 million sets of stolen credentials at one time, 2% represents a significant number of successful, but unauthorised, log-ins. “In some cases, these are linked to bank accounts,” said Crowther.

When large systems are breached, such as LinkedIn, Yahoo! and others, the stolen credentials are first processed by the attackers to remove duplicates and to crack passwords where they were stored in the clear, weakly hashed or unsalted. The credentials are then sold on the dark web and, using hacking tools that are freely available and easy to use, the buyers can automate their attacks with the stolen credentials.
They receive reports telling them which sites are vulnerable to the attack.

Kasada’s value is that it makes it “more computationally expensive” to attack a site. “It turns the tables on this kind of attack. Traditionally, you needed to have huge server farms to be able to withstand some of these attacks. We’ve developed a system that takes a lot of that load. And, we’re able to tell the difference between bots and humans interacting with a website. That differentiates us and removes the economy of scale that the attackers can exploit,” said Crowther.

In the familiar story of the two campers being chased by a bear, Kasada ensures you can “outrun” the other campers so that the bear, or threat actor, attacks them rather than you.

Polyform’s focus is on Layer 7, the application layer, which is where these attacks take place. However, Crowther says the company is also looking at extending its protection to mobile APIs. This is critical as more companies expose shared services through those APIs.

As well as log-ins, Crowther says there are broader applications for the technology he and the team at Kasada have developed. Any threat that relies on bots, such as content scraping, can be made more difficult for attackers because Polyform can tell the difference between the actions of a real person and an automated process. For example, if a retailer uses a scraper to check competitor websites and then alters its pricing to match or undercut, Crowther says Kasada’s technology can be used to break the automation this relies on. Ticket scalping is another potential market for the technology.

With more and more automation and machine learning becoming a part of the security landscape, it’s good to see a local company stepping up to the plate and creating solutions to protect businesses from these new threats.
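The attack Crowther describes, credential stuffing, has a recognisable shape in a site's own authentication logs: one source tries many different usernames, each with a single password, and only a small fraction of attempts succeed, unlike a legitimate user who retries the same account a few times. The example below, added here and not code from Kasada or Polyform, runs a simple detector over a handful of constructed log lines (the timestamps, IP addresses and usernames are made up) and then lists the accounts that were successfully logged into from a flagged source, which is the set an incident responder would force a password reset on. The log format, the thresholds and the function names are assumptions for the illustration.

```python
"""Credential-stuffing detection over login-log lines (illustrative, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso timestamp> <source ip> <username> <OK|FAIL>".
# 203.0.113.7 walks through ten different accounts in twenty seconds, hitting one;
# 198.51.100.2 is a human mistyping her own password twice; 192.0.2.9 is a clean login.
SAMPLE_LOG = """\
2017-05-25T10:00:01Z 203.0.113.7 alice@example.com FAIL
2017-05-25T10:00:03Z 203.0.113.7 bob@example.com OK
2017-05-25T10:00:05Z 203.0.113.7 carol@example.com FAIL
2017-05-25T10:00:07Z 203.0.113.7 dave@example.com FAIL
2017-05-25T10:00:09Z 203.0.113.7 erin@example.com FAIL
2017-05-25T10:00:11Z 203.0.113.7 frank@example.com FAIL
2017-05-25T10:00:13Z 203.0.113.7 grace@example.com FAIL
2017-05-25T10:00:15Z 203.0.113.7 heidi@example.com FAIL
2017-05-25T10:00:17Z 203.0.113.7 ivan@example.com FAIL
2017-05-25T10:00:19Z 203.0.113.7 judy@example.com FAIL
2017-05-25T10:02:00Z 198.51.100.2 alice@example.com FAIL
2017-05-25T10:02:20Z 198.51.100.2 alice@example.com FAIL
2017-05-25T10:02:45Z 198.51.100.2 alice@example.com OK
2017-05-25T10:03:00Z 192.0.2.9 carol@example.com OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5, max_success_ratio=0.2):
    """Flag source IPs that, within `window`, try at least `min_users` distinct
    usernames with a success ratio at or below `max_success_ratio`.

    Returns {ip: {"distinct_users", "attempts", "successes"}} for the widest
    qualifying window seen for each flagged IP. Thresholds are assumptions.
    """
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, ip, user, ok = parse_line(line)
        events[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        best = None
        start = 0
        for end in range(len(evs)):
            # Advance the window start so that all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            successes = sum(1 for _, _, ok in win if ok)
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                stats = {"distinct_users": len(users), "attempts": len(win), "successes": successes}
                if best is None or stats["distinct_users"] > best["distinct_users"]:
                    best = stats
        if best is not None:
            flagged[ip] = best
    return flagged


def compromised_accounts(lines, flagged):
    """Usernames that logged in successfully from a flagged source IP:
    these are the stuffed credentials that actually worked."""
    hits = set()
    for line in lines:
        if not line.strip():
            continue
        _, ip, user, ok = parse_line(line)
        if ip in flagged and ok:
            hits.add(user)
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    flagged = detect_stuffing(lines)
    print("flagged sources:", flagged)
    print("accounts to reset:", sorted(compromised_accounts(lines, flagged)))
```

The per-IP grouping is the weak point, and it is exactly the one Crowther's "millions of proxy networks" remark is about: an attacker who spreads 16 million credential pairs across a large proxy pool may send only a handful of attempts from any single address, so a production detector has to key on something the proxies share, such as request fingerprint, ASN or the sudden site-wide rise in failed logins per distinct username, rather than on source address alone.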