Combating Fraud from Stolen Cookies: Introducing SpyCloud Session Identity Protection

WEBINAR

Combating Fraud from Stolen Cookies

Introducing SpyCloud Session Identity Protection

Malware stealer logs showing the variety of information that can be siphoned from malware-infected devices.

Threat actors using stolen credentials often face the challenge of bypassing multi-factor authentication (MFA), device ID checks, and browser fingerprinting anti-fraud technologies. But in recent years, criminals have learned how to bypass these protections by relying on “anti-detect” browsers that can emulate a legitimate user’s trusted device and browser fingerprint. These tools are powered by a constant stream of malware infections that steal credentials, session cookies and other browser data – all available for sale on the criminal marketplaces.

We’re excited to introduce a new solution that expands our ability to help enterprises prevent fraud tied to malware: SpyCloud Session Identity Protection. It offers early warning of malware-infected consumers whose compromised web session cookies appear in botnet logs recaptured by SpyCloud, and are therefore at extreme risk of costly, difficult-to-detect fraud.

This webinar explains how:

  • Anti-detect browsers + malware data enable criminals to bypass existing fraud controls
  • Our new product flags consumers infected with malware sometimes well before their credentials on your site are even stolen
  • Early Session Identity Protection customers are reacting to SpyCloud’s alerts of their consumers’ compromised cookies

View the Webinar

A few of our happy customers:

The SpyCloud Difference

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

stat-blocks-stacked

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

How the Holidays Affect Dark Web Cybercriminal Activity

WEBINAR

It’s a Deal, It’s a Steal: How the Holidays Affect Dark Web Cybercriminal Activity

It's a Deal, It's a Steal

It should be no surprise that cybercriminal activity spikes around the holidays. Low holiday prices and high online traffic provide criminals the perfect opportunity to blend in with legitimate shoppers to take over accounts, use stored payment information or stolen gift cards to make fraudulent purchases, and exploit Buy Online, Pick Up in Store (BOPIS) policies.

But what we saw during the month of November on dark web criminal marketplaces surprised us – huge spikes in the sales of crimeware tools, dating accounts, and stolen credentials for particular restaurants, airlines and other consumer services accounts.

Watch the on-demand webinar to see SpyCloud’s annual research into holiday shopping trends across criminal ecommerce platforms, including:

  • What criminals bought, what prices they paid, and what volume of illegal merchandise exchanged hands around Black Friday
  • Which industries and account types were the most popular with cybercriminals 
  • How 2020 trends compared to what we saw in 2019
  • What enterprises can do to protect themselves and their consumers from online fraud
Solution: Consumer ATO Prevention

Protect your users from account takeover fraud and unauthorized purchases.

Learn More

Watch the Webinar

It’s a Deal, It’s a Steal: How the Holidays Affect Dark Web Cybercriminal Activity

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

stat-blocks-stacked

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

SpyCloud Named 2020 Gartner Cool Vendor in Identity Access Management and Fraud Detection

ANALYST REPORT

SpyCloud Named a 2020 Gartner Cool Vendor in Identity Access Management and Fraud Detection

SpyCloud Gartner Cool Vendor 2020
“Seek insight from specialist intelligence providers to understand where information compromise and loss can harm the enterprise.”1

SpyCloud is one of only three companies recognized in the Gartner 2020 Cool Vendors in IAM and Fraud Detection report.

Findings from the report:

  • New solutions are required to reduce risk at sensitive points in the customer journey, including authentication and enrollment.
  • As the COVID-19 crisis deepens, technology decisions increasingly focus on value for money and user experience. Solutions that can support new modes of work and enhance user trust and safety are finding traction.
  • Fraud detection continues to bolster identity corroboration capability and accuracy, with the focus of attention being persistent identity throughout the customer journey.
Download the full report today to learn more about Gartner’s analysis of the IAM and Fraud Detection market.

Get the Report

Gartner 2020 Cool Vendors in IAM and Fraud Detection

SpyCloud is on a mission to disrupt the cybercriminal economy to eliminate the loss of money, time, and reputation due to online fraud – and ultimately to make the internet a safer place for individuals and businesses.

We’re proud to offer IAM and fraud prevention teams solutions backed by the most current, relevant and truly actionable data recovered directly from the criminal underground within days of a breach occurring.

Discover why Gartner thinks we’re a Cool Vendor!

Download the Report

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Gartner Disclaimer:
1 Gartner, Cool Vendors in Identity Access Management and Fraud Detection, 5 October 2020, Jonathan Care, Akif Khan, Tricia Phillips, and Felix Gaehtgens.

The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

See how SpyCloud helps your enterprise proactively thwart fraud.

Top 10 Travel Booking Site

CASE STUDY

Top 10 Travel Booking Site

Industry: TRAVEL & HOSPITALITY

Top 10 Travel Booking Site Discovers Up to 11,000 Exposed Customer Credentials per Hour with SpyCloud

Challenge

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Scroll to Challenge

Solution

The booking company uses the SpyCloud API to continually monitor and protect customer accounts against SpyCloud’s massive database of exposed emails and plaintext passwords.

Scroll to Solution

Result

With automated dark web monitoring, the company discovers thousands of exposed customer accounts every hour, enabling the company to better protect their customers from account takeover.

Scroll to Result

Top 10 Travel Booking Site Discovers Up to 11,000 Exposed Customer Credentials Per Hour with SpyCloud

The online travel booking company profiled is one of the largest in the world, with nearly two million room nights reserved at more than 140,000 global destinations on its online platform every day. With a mission to remove the friction out of travel, the company unites travelers with every type of accommodation available.

Challenge

Preventing Account Takeover After a Breach

Account takeover (ATO) is a growing problem that impacts virtually every industry, particularly those organizations with an e-commerce capability. When cyber criminals steal usernames and passwords or purchase them from breach data on the dark web, both consumer and company can suffer.

The risk of ATO keeps security leaders up at night. Beyond the financial loss, ATO is often the dreaded aftermath of a security breach and can continue to cause damage for years.

For one of the top 10 travel site’s Account Security Group, keeping constant watch over their user accounts is a full-time job that would greatly benefit from automation.

“It has always been our goal to prevent, detect and remediate any account security threat,” says a security leader at the online travel company. “We wanted a solution that would enable us to continually evaluate our security stack and if we detect any gaps in our strategy, take immediate action to protect our customers and our brand, starting with ATO prevention.”

Solution

Identify Exposed Credentials Early and Rapidly

SpyCloud always has its ear to the ground in the deep and dark web. Through proprietary tools, techniques and technologies, SpyCloud is able to detect corporate breaches earlier than any other company. The earlier exposed credentials are discovered, the more likely a future breach can be prevented.

To prevent a breach, ATO and ongoing fraud from happening, this top 10 travel booking site turned to SpyCloud, recognizing the value of the detailed, real-time, accurate data SpyCloud provides. They chose to work with SpyCloud to launch a new initiative to automatically detect exposed customer credentials and alert security leaders early in the process, before criminals have the opportunity to take over the account and cause damage.

The company uses SpyCloud data as part of their account stuffing attack monitoring. For each login attempt to their domains, they initiate an out-of-band SpyCloud check for an account match. They then check match alerts against SpyCloud’s recorded spikes in account stuffing attacks to identify any correlations.

“We use SpyCloud to detect the ATO storms – when an attacker targets our system with a list of breached credentials,” says the security leader at the company. “The SpyCloud data reveals which accounts are compromised so we can force the account down an alternate road that includes a second step in the verification process. This is typically requiring the account owner to answer security questions or engage in two-step multi-factor authentication.” 

“Without the SpyCloud data, we would be in constant risk for attacks we never saw coming. We may not be able to stop every breach, but we feel we are being more proactive and have dramatically improved our security stance.”

Results

Thousands of Exposed Credentials Discovered Every Hour

One of the unique aspects of SpyCloud is the ability to discover direct matches with emails and passwords. Identifying exposed emails is not enough and doesn’t indicate the account has been compromised. With SpyCloud’s proprietary password cracking methodology, more passwords can be cracked, unencrypted and operationalized. In fact, SpyCloud owns the largest database of emails and plaintext passwords, eight billion and counting.

“SpyCloud allows us to see where we are vulnerable in order for us to fortify those potential entry points,” says the security leader. “With the SpyCloud database constantly updated, we can continually monitor our customer base with the freshest, most usable data available. Using the SpyCloud data, we discover anywhere from 3,000 to 11,000 direct matches per hour. Every one of those exposed accounts could have led to account takeover. “

While the SpyCloud solution does include the capability for users to automatically remediate accounts with matches to breach records, typically forcing a password reset, the travel company prefers less friction in the booking process.

“For now, we are using SpyCloud simply for monitoring, but we are aware the solution can do much more,” says the security leader. “We are evaluating our options and are considering moving towards being more proactive without compromising our mission. The fact that SpyCloud is customizable to our needs now but also scalable to where we may go in the future is one of the reasons we chose their solution.”

4.7% email and plaintext password match rate.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

stat-blocks-stacked

Download the PDF version of the case study to print or share with others.