Our top cybersecurity predictions for 2023


It’s the time of year when the industry begins making its top cybersecurity predictions for the year ahead. Gartner, among others, recently released their top 8 cybersecurity predictions for 2023, writing that supply chain and geopolitical issues will continue to dominate cybersecurity.

In this article, our team looks into the proverbial crystal ball to share their top cybersecurity predictions and what initiatives security leaders should prioritize for 2023.

What Cybersecurity Lessons Did We Learn in 2022?

The breaches, hacks, and cyber breakdowns of 2022 taught us many cybersecurity lessons that we can use to improve security in the new year. Lessons learned include:

  • You can’t rely on MFA.
  • Company stakeholders, including VCs and board members, must have insight into their company’s security stance.
  • Don’t sacrifice security for a 1% improvement of your product. Constant re-architecting creates numerous security holes.
  • Continuous security is mandatory for blockchain. Instead of one-time assessments at launch, teams should strive for continuous validation throughout the project lifecycle.

What Are the Top Cybersecurity Predictions for 2023?

The top cybersecurity predictions for 2023 identified by the team of experts at Kudelski Security are:

  1. Basic, human-targeted attacks will be the biggest risk to cyber defenses.
  2. Zero trust will replace VPN.
  3. Insider and third-party risk will rise.
  4. Reliance on passwords will decline.
  5. Skepticism around blockchain security and availability will continue.
  6. Quantum-interested companies will need to start assessing risks.

Prediction #1: Basic, human-targeted attacks, like ransomware, phishing, and email attacks, will be the biggest risk to cyber defenses.

In 2023, we will see the most basic security attacks — email compromise, active directory attacks, ransomware, phishing, and multi-factor authentication attacks — continue to be the most effective and lucrative for cybercriminals.

Whenever humans are introduced into the security equation, they immediately create holes in the corporate cyber defense system. Phishing and emerging MFA bombing schemes are more sophisticated than ever and will render cybersecurity training ineffective.


To combat these attacks, corporate security teams should not trust human factors. Instead, they should adopt an offensive security posture. Detection and response initiatives should focus on preventative features instead of reactive quick fixes.

Will your threat detection and response strategies stand up to advanced threats? Watch our webinar to learn how to improve program maturity.

Prediction #2: Zero trust will replace VPN to secure a distributed workforce.

In 2023, zero trust will replace virtual private networks completely as security teams adjust to a more dispersed workforce. With work-from-home here to stay, company network borders won’t look anything like they used to. Employees are accessing most work applications via SaaS, and IT teams are hesitant to inherit the risk of home networks. Mistrusting every device is the key to supporting and securing remote workforces.

Can zero trust be a business enabler? Read our take on this blog from Vincent Whaart.

Prediction #3: Insider and third-party risk will rise as attackers take advantage of vulnerable parties in the economic downturn.

The impending recession will loom even closer in 2023, and cybercriminals will take advantage of the dire economic situation to bribe their way into corporate systems. We predict that software hacking will decline in 2023 in favor of “insider risk.”

Attackers will set aside their hacking skills and instead single out vulnerable employees at third-party vendors, such as shipping authorities, supply chain companies, internet service providers, and software vendors.

Companies must remain vigilant to not only secure their own network perimeters but also build a strong vendor risk management program.

Prediction #4: Reliance on passwords will decline as the flimsiness of MFA is exposed.

While it’s unlikely that passwords will completely disappear in 2023, MFA fatigue could usher in a passwordless future in years to come. The recent Uber breach highlighted the flimsiness of MFA and left security teams searching for a better alternative. In 2023, we’ll see an emphasis on securing accounts with as many other safeguards as possible, including stronger passwords and password managers.

Prediction #5: Skepticism around blockchain security and availability will continue without more caution.

2023 will be another tumultuous year for blockchain technologies unless the industry shifts away from “point in time” security measures. Currently, too much trust is placed in code being perfect.

Blockchain security teams must layer in more robust controls, including detection and response capabilities, to deter threat actors. The billions of dollars of bridge hacks that occurred in 2022 put a huge dent in users’ confidence in blockchain security.

Luckily, blockchain enterprises and projects are aware that customers are just as concerned about their chosen blockchain’s security as its features. This will lead blockchains to apportion the appropriate resources to improve security in 2023.

In addition to cryptocurrency theft, blockchain availability and stability should be a priority in 2023. If outages and slowdowns continue, blockchains face user decline or even complete collapse.

Learn more about Kudelski Security’s portfolio of blockchain security services.

Prediction #6: Companies concerned about quantum computing should begin assessing risks now.

Controls to prepare for quantum computing are unlikely to see mass adoption in 2023, but keep an eye on it for 2024. The current risks of quantum computing don’t quite outweigh the incredible investment required yet. That said, companies that stand to lose the most from future quantum attacks — e.g., financial services, defense contractors, and especially companies that transmit extremely sensitive data — should begin assessing their risks now.

Are you ready for the era of quantum computing? Watch our webinar to know how to be better prepared.

What Impact Will the Recession Have on Security Teams in 2023?

The recession should have relatively little impact on security teams in 2023. We predict security teams are going to remain mostly untouched even as companies across industries are forced to make cuts to their budgets and workforce in response to the upcoming recession.

American privacy laws will likely rise to meet current European standards, putting a renewed focus on security and compliance in boardrooms and C-suites.

Additionally, cybersecurity labeling for consumer products, especially on hardware, will further the importance of corporate security teams. Economic hardships will necessitate that security teams work smarter and consolidate to meet the evolving economic and tech landscape.

What Should Security Leaders Prioritize in 2023?

In response to these top cybersecurity predictions for 2023, security leaders should prioritize the following initiatives:

  • Adopting an offensive security posture rather than a defensive one.
  • Focusing detection and response initiatives on preventive features instead of reactive fixes.
  • Phasing out VPN in favor of zero trust strategies for the remote workforce.
  • Building out a strong vendor risk management program to protect against third-party risk.
  • Looking for alternatives to MFA while implementing stronger password requirements and account protections.
  • Working smarter and consolidating to meet the evolving economic and tech landscape.
  • Bolstering availability and security of blockchain-related services.
  • Assessing risks related to quantum computing, especially for those in financial services, defense, or other industries that deal with highly sensitive data.

Get in Touch

Kudelski Security can help you prepare for 2023 and beyond with a comprehensive suite of security advisory services. From MDR and zero trust to blockchain and quantum, our experts can assess, design, implement and manage a resilient cybersecurity strategy. Get in touch with our team here.

What’s Next in Cybersecurity: Predictions from Andrew Howard


Every year, the cybersecurity sector publishes articles on what we can expect to see in the course of the year. This article, originally published in Infosec on August 8, 2022 by Ali Hadley, looks at the predictions Kudelski Security CEO Andrew Howard made at the beginning of 2022 in a podcast with Infosec. As we move into the last quarter of the year, we ask how much has changed and what will carry over as the top cybersecurity trends for 2023.

New strains of COVID. Humanitarian crises. A staggering influx of cybercrime. 2022 has brought us a whirlwind of headline-making events, all of which impact the current and future state of cybersecurity.

Learn what to expect and how to navigate the world as an emerging cyber pro with predictions from Andrew Howard, the CEO of Kudelski Security and our recent Cyber Work Podcast guest.

Prediction #1: The security of encrypted data is at stake

For years, quantum computing has been a hot topic among cybersecurity professionals. As the technology gets increasingly sophisticated, concerns about the safety of encrypted data continue to grow. But Andrew says it’s not an immediate threat yet.

“Most cryptography today is based on hard math, typically around number factorization,” he explains. “A quantum computer, if large enough and in existence, can theoretically crack these factorial-based algorithms very quickly, such that all current encryption could be at risk.”

Though future forms may threaten anything encrypted with current algorithms, Andrew says this type of quantum computer doesn’t exist right now. It’s still theoretical.

Instead of trading out all of their cryptography, Andrew advises his clients to start thinking about their action plans. “The real concern is what’s going to happen to the data you’re creating today,” he says. For now, a general idea of how you’ll access and store your encrypted and decrypted data is a good place to start.

Download our corporate brochure.

Prediction #2: Supply chain security jobs will grow in demand

While big enterprises are more secure than ever before, industries in the operational technology environment (e.g., vehicle manufacturers and other production plants) are paving the way for a new horizon in security.

Manufacturing is a long-established practice, but it has long been neglected from a cybersecurity perspective, partially because it’s disconnected from the internet and partially because applying updates conflicts with strict uptime requirements, slowing the entire process.

Then came IoT.

Simply summarized as a network of connected devices, IoT is the technology that allows your phone and thermostat to talk to each other. Adopted to help streamline logistics, IoT has made supply chain operations more cost-effective and efficient but also more susceptible to cyberattacks.

Because manufacturers rely on third-party software to manage these devices, they can’t directly control their data or who can access it. Now, instead of stealing just one customer’s information, cybercriminals can directly target these software providers and gain access to thousands of customers’ data. And the risk only increases as more companies complete their digital transformations.

So, what does this mean for the future—and for you?

As the new frontier in product security, there will be growing opportunities for cybercriminals and cyber pros alike. While traditional IT knowledge will be essential, Andrew says, “There will be an equally large need [for talent] on the manufacturing side of the equation as well, because it’s not just your laptop anymore. It’s all your IoT devices, it’s your thermostats, and it’s also nuclear plants.” If you have an interest in both, “there’s opportunity,” Andrew says.

Prediction #3: Ransomware attacks will triple

It’s no secret that ransomware is a highly profitable technique used by cybercriminals. In 2021, these attacks affected 37% of all businesses, costing the world $20 billion in damages. As companies continue to grow and tactics evolve, that number will likely skyrocket to $265 billion by 2031.

Because it is the “money-making tool of choice,” Andrew reminds his clients that ransomware isn’t going anywhere, any time soon. If anything, attacks will only get more sophisticated and consequently more difficult to identify and prevent.

“One of our predictions for the start of 2022 is that ransomware will double, if not triple,” Andrew says. “For the time being, this is the threat of choice. If companies haven’t gotten their act together around this topic, it is time to get your act together.”

Because ransomware requires human error to wreak havoc (i.e., opening a malicious link in an email), employee education is the best way to prevent an attack. But, the groundwork doesn’t stop there. While awareness can keep threats from infiltrating your organization, Andrew recommends a holistic approach to prevent major damage.

“There’s no silver bullet,” Andrew stresses. “It’s going to require backup solutions. We would recommend an incident response retainer with a firm that can respond,” he says. “There are some straightforward things that can be done to limit your risks, like deploying some kind of endpoint technology tool. But it’s not one thing.”

Prediction #4: Remote work will get riskier

While securing remote systems was the #1 priority at the start of the pandemic, Andrew says employee trust is now “the most pervasive issue.”

“Lots of companies have employees that they’ve never seen in person, employees that might have a more transactional relationship with their employer,” Andrew explains. “I think this is where cybersecurity issues are being generated.”

As work shifts out of the office and into our homes, it’s getting harder to keep track of employees, which creates a slew of issues ranging from lack of trust to burnout. These new challenges create friction and a lack of transparency, which can increase the risk of data breaches, whether intentional or caused by an innocent mistake.

Regardless of motive, the isolated work environment isn’t changing any time soon, so Andrew stresses the importance of prevention and vigilance.

In addition to reviewing admin permissions to ensure that only the right people have rights to your infrastructure, you can also implement an insider threat program.

Designed to help detect and deter opportunistic attacks, these programs gather data on security processes and protocols and on users who may have privileged access to your organization.

Advice for up-and-coming professionals

As cybersecurity continues to evolve, employers are looking for sharp, proactive problem-solvers to help them work faster, better and smarter. That’s why programming will become a highly sought-after skill in the years to come. “The security leaders of tomorrow are software developers today,” says Andrew.

While companies make their great migrations to the cloud, they need a cyber pro who knows how to analyze data and automate security processes. If you focus on any one additional skill before applying for jobs, Andrew suggests studying scripting tools such as Perl and Python.

To learn more about the future of cybersecurity, listen to the Cyber Work Podcast, Predictions for cybersecurity in 2022, with Andrew Howard.



2022 Cybersecurity Predictions


Last month Andrew Howard was interviewed by Infosec’s Chris Sienko on the top risk and cybersecurity trends for 2022. The podcast can be accessed here.

Think there’s nothing new under the sun? With cybersecurity trends, you wouldn’t be far off the truth. Every year opinion leaders outline the main cybersecurity trends to watch and often enough, the only substantial difference in content is the publication date.

That said, nothing stays the same–what is an emerging trend eventually becomes a widely accepted norm. What are “cybersecurity trends you need to know about” become “cybersecurity trends you need to take action on.”

In this podcast, Kudelski Security CEO Andrew Howard discusses six of the biggest cybersecurity trends in 2022. He outlines how the theme or practice in question has evolved, what the current state of play is, and what reflection or action security leaders need to take.

Cybersecurity trends in ransomware, trends in WFH as well as quantum computing and the top cybersecurity skills to develop in order to become a cybersecurity professional are all covered. The interview breaks down largely as follows:

0:00 – Andrew Howard’s own experience of getting into cybersecurity

4:00 – How has cloud security evolved? Persistence of hybrid approaches

8:20 – The next cybersecurity innovation and quantum computing; regulation and the challenge of securing sensitive data using current algorithms in the future.

10:54 – The state of ransomware, the tool of choice for nefarious actors to monetize threats, and practical ways to address the challenges

12:57 – Cybersecurity supply chain issues and the risks of third-party service providers

16:18 – Cybersecurity, the hybrid work environment, and employee-employer trust deficit (access control and insider threats)

18:42 – The year of cyber insurance and exclusion of ransomware from coverage

20:35 – Department of Defense directive to close security gaps in the government networks and systems

22:15 – The magic wand: Three things Andrew Howard would change in cybersecurity – resolve the security protocols in the Internet earlier, fix authentication behind email, overreliance on security awareness and training

28:10 – Advice to 2022 cybersecurity students; top skills to get a great cybersecurity career: problem solving skills, data analytics skills, scripting automation programming skills

29:37 – Kudelski Security

30:58 – Blockchain security in 2022

31:57 – Learn more about Kudelski Security


You can listen to The Cyber Work Podcast, Predictions for cybersecurity in 2022, here.




Data Security as a Business Enabler


Security has evolved since the days when cybersecurity systems were evaluated by the number of incidents handled by the InfoSec team over a year. IT departments and organizational leadership adopted the attitude that no news (or no data breaches) meant no security problems, so all was well.

That approach wasn’t true then, and it certainly isn’t true now. Over time, the record has proven security to be the business enabler in digital transformation (DX), by most effectively protecting and managing the most valuable asset: data.

DX has been the force behind the rapid pace of innovation. Successful innovators must juggle the uncertainty of DX processes and security risks. One approach is based on the “fail fast, learn fast” rule. Cryptography is an example of this rule: instead of giving a mathematical proof that an algorithm is safe, the community accepts (and considers trusted) a cryptographic scheme because it is very unlikely it could be broken in the foreseeable future.

Emphasizing Security in Digital Transformation (DX)

Threat actors, however, are diligent in their attempts to break into new technologies and find ways to get to the data. Security plays a vital role in any data-driven DX by staying ahead of such dangerous threat actors. Here are three examples of how companies in different industries are successfully managing DX, thanks to data security.

  • Digital Transformation in the Medical Industry

CheckPoint Cardio invented a wearable device that constantly sends dozens of raw health readings (like ECG, pulse, blood pressure, etc.) to a remote center that correlates them into heart-related events and responds in real time. Medical professionals use this information to treat patients and respond quickly to health emergencies.

But what happens if this medical data ends up in the wrong hands? It not only holds business value for healthcare facilities, but threat actors could manipulate the data in ways that impact patient health. Also, because there are strict regulations surrounding health data, compromised data could result in massive fines and penalties.

To protect the data, security such as client-side encryption decreases risks caused by third-party providers. The greater emphasis on security of the data makes it easier for hesitant companies to adopt this innovative and useful technology.

  • Digital Transformation in the Media/Social Platforms Industry

Facebook always sold information generated by users to external advertisers who, in turn, often resell the same information. The data mining and sharing by Cambridge Analytica showed both the value of the data to outside entities and the security and privacy implications for Facebook users. Facebook’s reputation was seriously damaged by the scandal.

Since then, the company has changed its data security and privacy approach to meet GDPR compliance (in all its technical and organizational measures), and this has become a compelling security requirement for the company to ensure its ads-based business can flourish.

  • Digital Transformation in the Financial Industry

Consumers increasingly want a fully personalized offering from their financial providers. The more contextualized data the company accumulates from its customers, the easier it is to improve and personalize its service. A traditional data-lake system that follows security and privacy best practices would do the job, but companies are also constantly researching new security tools to best protect consumer data and increase its marketing appeal. One such tool (even with its security and privacy shortcomings) is blockchain technology.

The Challenge of Legacy Systems

DX opens the doors for new revenue opportunities for companies, and data-driven security is designed to enable such DX by keeping the additional information safe. However, organizations that rely on legacy systems lack data-driven security awareness. A Cambridge University research survey reveals that “71 percent of respondents agreed that there are data quality and integrity issues that make it difficult or impossible to implement a data-driven business model, as users quickly abandon apps that provide incorrect information.”

John Chambers, CEO of Cisco at the time, commented that dynamic companies, i.e., the ones who adapt services to customer needs, will gain a competitive advantage. “Forty percent of businesses in this room, unfortunately, will not exist in a meaningful way in ten years,” he said in a keynote address. Additionally, while 70 percent of companies will attempt to go digital, only 30 percent will actually succeed.

At the heart of successful digitalization is data security. But the success of DX security is the responsibility of corporate leadership:

  • The CEO is the main sponsor of the DX project and is the individual ultimately accountable for its success (or failure) in front of the steering board and investors.
  • The CIO (or CTO) reports to the CEO and is accountable for the Business-as-Usual (BAU) IT Operations during all phases of the DX.
  • The CISO reports to the CEO and possibly the CIO and is accountable for unforeseen malicious threats happening during or after the DX.

Accountability and Predictability in Secure Digital Transformation

To meet the challenge of a secure digital transformation, leadership needs to emphasize two areas: accountability and predictability.

  • Accountability: Security should always be a shared-responsibility matter that concerns everybody in the company. To promote that mindset, security behavior should be incentivized with bonuses and rewards. This way employees will not see security solely as checkbox-tasks dictated from above, but as a real added value to the organization for protecting core assets, businesses and, ultimately, reputation.
  • Unpredictability: This has to do with lateral thinking, but will be treated in my next article, more oriented to the architect and technical fo


Although security should be deemed mandatory by everyone, it is rarely seen as the main enabler for DX itself. As seen by the examples from different industry verticals, security shall own this active role to make business advance in digitalization.

A small change to your mindset can result in a big change to your bottom line. You will save resources from a breach that could disrupt operations, damage brand, or make you go bust. But you will also find new markets and generate new income sources with a security-by-default mindset.

Whether you’d prefer to embrace a potential win or avoid a sure loss, it is definitely worth digging into the topic more.

A New Enterprise Perimeter and the Cybersecurity Raising Challenges


The security industry has faced a variety of challenges throughout 2020. The pandemic put pressure on security and IT operations and shone a spotlight on underlying issues many organizations were facing in terms of their digital transformation and security posture. If that wasn’t enough, the threat landscape also shifted and is now more volatile than ever.

As security leaders prepare to handle what lies ahead in 2021 and beyond, there are three key trends they should pay special attention to: the increase in adoption of policy-based security models, new ransomware threats and greater utilization of artificial intelligence.

Adoption of policy-based security models

The prospect of moving an onsite workforce to a remote setting had a huge impact on many organizations, as they realized they weren’t ready for such a dramatic shift. Moving to remote work due to COVID-19 exacerbated the shortcomings of the traditional enterprise perimeter security model. This led to more organizations choosing policy-based security models, such as Zero Trust, to ensure the protection of their employees while remote work continues to be a norm.

As remote work becomes more normalized – beyond the pandemic – a Zero Trust model, rather than equating trust with a corporate network location, analyzes information about the user, data, applications and devices to contextualize security risks and dynamically adapt access rights. Successful adoption will depend on organizations fully integrating various tools within their environment, from authentication systems and network security appliances to endpoint detection and response.

Increase in data breaches and ransomware attacks

Attackers are constantly changing their methods, resulting in new and evolving risks. It is important for companies to be prepared and aware of new threats to stay ahead of them and protect their data from any potential compromise.

Looking ahead, companies should expect to see an increase in ransomware, with bad actors increasingly threatening to expose encrypted files if victims refuse to pay a ransom. Organizations have begun to do a good job of building, testing and operationalizing their office backup strategies to mitigate the risk of ransomware. Unfortunately, most of these organizations have failed to mitigate the actual risk: if data has been compromised before – whether directly from the company or through third parties – threat actors will still be able to gain a foothold in the company’s assets. The focus moving forward should be on ensuring they have robust backup and data recovery strategies that can help address the systemic weaknesses attackers are exploiting.

We’re also going to see a considerable increase in the use of illicit OAuth 2.0 grants to compromise accounts. In general, organizations have created better phishing awareness programs, increased multi-factor authentication, and created rules to detect anomalous logons; however, attackers have shifted to tricking users into granting illicit OAuth 2.0 consents. To prepare, companies should limit which applications can request OAuth 2.0 grants from end users or disallow specific OAuth 2.0 scopes from ever being granted.
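As an added illustration of the two controls just described (limiting which applications can request grants and refusing certain scopes), the following Python script reviews constructed consent-grant records against a publisher allow-list and a scope deny-list. It is example code written for this page, not Kudelski Security's tooling; the event format, the publisher names and the policy lists are assumptions.

```python
"""Reviewing OAuth 2.0 consent-grant events against a publisher allow-list and
a scope deny-list. Constructed example, not Kudelski Security's code."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Assumed policy (hypothetical values): delegated scopes that end users should
# never be able to grant, and the only publishers whose apps may hold them.
BLOCKED_SCOPES = {"Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All", "offline_access"}
TRUSTED_PUBLISHERS = {"Contoso Internal Apps"}

# Constructed consent events in a generic JSON shape (not any vendor's real log format).
SAMPLE_EVENTS = [
    '{"user": "alice@example.com", "app_name": "Expense Helper", "publisher": "Contoso Internal Apps", "scopes": ["User.Read"]}',
    '{"user": "bob@example.com", "app_name": "Mailbox Backup Pro", "publisher": "Unknown Publisher", "scopes": ["Mail.ReadWrite", "offline_access"]}',
    '{"user": "carol@example.com", "app_name": "Quiz Fun", "publisher": "Some Games Ltd", "scopes": ["User.Read"]}',
    'not json at all',
    '{"user": "dave@example.com", "app_name": "Expense Helper", "publisher": "Contoso Internal Apps", "scopes": ["Files.ReadWrite.All"]}',
]


@dataclass
class Finding:
    user: str
    app_name: str
    severity: str  # "high", "medium" or "low"
    reason: str


def evaluate_consent(event: dict) -> Optional[Finding]:
    """Return a Finding for a consent event that violates policy, else None."""
    scopes = set(event.get("scopes", []))
    blocked = sorted(scopes & BLOCKED_SCOPES)
    trusted = event.get("publisher") in TRUSTED_PUBLISHERS
    if not trusted and blocked:
        return Finding(event["user"], event["app_name"], "high",
                       "untrusted publisher granted blocked scopes: " + ", ".join(blocked))
    if not trusted:
        return Finding(event["user"], event["app_name"], "medium",
                       "untrusted publisher %r; review the app" % event.get("publisher"))
    if blocked:
        return Finding(event["user"], event["app_name"], "low",
                       "trusted publisher received blocked scopes: " + ", ".join(blocked))
    return None


def review_consent_log(lines: List[str]) -> List[Finding]:
    """Parse one JSON event per line and collect the policy violations."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole review
        finding = evaluate_consent(event)
        if finding is not None:
            findings.append(finding)
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in review_consent_log(SAMPLE_EVENTS):
        print(f"[{f.severity.upper():6}] {f.user} -> {f.app_name}: {f.reason}")
```

The ordering of the checks is the point: an unknown publisher asking for mailbox or file scopes is the pattern the paragraph warns about and is rated highest, an unknown publisher with harmless scopes still deserves a look, and even an approved publisher holding a denied scope is recorded so the scope policy can be reviewed.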

Utilization of Artificial Intelligence

We will see an increased utilization of AI particularly within the IoT and OT industries, given the technology’s ability to help automate many tasks to reduce costs and improve productivity. However, as security leaders decide to adopt AI, they will need to prioritize the integrity of the data and make sure basic cyber hygiene protocols are in place.

Utilizing AI without the basics – from asset and patch management to user awareness – will only exacerbate the number of breaches we will see, as simpler exploits will be able to leverage any weak spots.

Looking ahead to 2021 and beyond, organizations need to be prepared to secure their resources no matter where they are accessed from. Leaders will need to make sure they add security-based policies to their business continuity plans, as well as understand how threats are shifting and how to adopt new technologies to mitigate potential risks.

This blog was originally featured in VMblog.com

Identifying Malicious Traffic on Your Web or Mobile Application: 6 Signs to Look For


Additional online traffic during the pandemic has increased cases of fraud and credential stuffing, giving fraudsters more ways to get into your web and mobile platforms. During such an attack, it’s not uncommon for 80-99% of traffic to ultimately be found to be malicious.

The high volume and velocity of malicious traffic during such an attack can make it difficult to pinpoint the source and apply countermeasures. Not only are these high-volume attacks damaging to brand reputation and revenue, but they are extremely taxing to backend systems and may even result in extra charges for your fraud prevention tools.

We recently sat down with Dan Woods, VP of the Shape Intelligence Center, which is now part of F5 Networks, for a webcast to understand 6 of the primary indicators they look for to determine genuine users vs. imposters.

6 Indicators of Malicious Traffic to Watch For

1. Disruption of normal traffic patterns

This is the first indicator that something is amiss on your web or mobile application. Over time, you should notice specific patterns in your traffic—the most common of which is based on time of day. If your traffic doesn’t follow a diurnal pattern—peaking during daytime hours and falling during nighttime hours—that’s a sign there is some malicious activity happening. Additionally, if traffic spikes are unrelated to marketing campaigns, such as email campaigns or television ads, that’s another sign your app might be receiving a high volume of malicious traffic.

2. Contrived or missing user interactions

When analyzing in-app interactions like keystrokes and mouse clicks, you’ll find that human interactions tend to be clumsy and inefficient. In an automated interaction, however, you’ll find that multiple interactions happen within milliseconds.

Or, you may find that a user is clicking the same XY coordinate over and over again. That is extremely difficult for a human user to replicate. Even if the attacker started clicking a different XY coordinate each time, if you notice any kind of formulaic relationship between the two coordinates, that’s also a signal of a synthetic event.

An example of contrived mouse clicks following a formulaic pattern of XY coordinates.

In the case of a malware attack, missing interactions are as much of an indicator as contrived interactions. For example, if you see a user who logs into their frequent flier account and redeems points for a gift card without touching their keyboard, mouse, or smartphone touchscreen, that would indicate a malware attack running in the background.

3. Changes in password key event patterns or frequency

A fraudulent login attempt will likely have a much different pattern and frequency than a human attempt. When repeated by a genuine user, password key events should follow roughly the same pattern and timespan. After entering a password so many times, you develop a rhythm that a fraudster cannot match.

A genuine user’s password entries follow a consistent cadence and timespan; a fraudster’s do not.
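An added example (not from the original article or from Shape) of the cadence check: a per-user template of inter-key intervals is built from past genuine entries, and a new attempt is scored against it. Timestamps, thresholds and the labels are constructed for illustration.

```python
import statistics

# Constructed key-down timestamps (ms) for four genuine entries of a 9-character password.
GENUINE_ENTRIES = [
    [0, 140, 260, 410, 520, 700, 830, 960, 1120],
    [0, 150, 250, 420, 530, 690, 840, 950, 1130],
    [0, 130, 270, 400, 510, 710, 820, 970, 1110],
    [0, 145, 255, 415, 525, 695, 835, 955, 1125],
]
# Constructed: a credential-stuffing tool injecting one key every 5 ms.
AUTOMATED_ENTRY = [0, 5, 10, 15, 20, 25, 30, 35, 40]
# Constructed: a manual imposter typing the right password at a plausible speed
# but in a different rhythm (pairs of keys with long pauses between them).
IMPOSTER_ENTRY = [0, 300, 350, 700, 750, 1100, 1150, 1500, 1550]

def intervals(timestamps):
    """Inter-key intervals in ms."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]

def build_template(entries):
    """Per-position (mean, std-dev) of inter-key intervals over past genuine entries.
    The 10 ms std-dev floor stops a perfectly regular position from dominating."""
    columns = zip(*(intervals(e) for e in entries))
    return [(statistics.mean(c), max(statistics.pstdev(c), 10.0)) for c in columns]

def cadence_score(attempt, template):
    """Mean absolute z-score of the attempt against the template; below ~1 is typical."""
    ivs = intervals(attempt)
    return sum(abs(iv - m) / sd for iv, (m, sd) in zip(ivs, template)) / len(ivs)

def classify(attempt, template, min_interval_ms=30, max_score=3.0):
    """Label a login attempt from its keystroke timing alone."""
    if min(intervals(attempt)) < min_interval_ms:
        return "automated"         # faster than any human key-down sequence
    if cadence_score(attempt, template) > max_score:
        return "cadence mismatch"  # correct password, unfamiliar rhythm
    return "consistent"
```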

4. Highly efficient user interactions

Another way to tell the difference between good traffic and malicious traffic is the efficiency of interactions. Real human interactions are somewhat random. Sometimes a user will click even when there isn’t anything to click. They may be reading the screen, moving the mouse, and clicking just to pass time.

Fraudulent bot interactions, on the other hand, often move in perfectly straight lines. Even if the bot adds entropy, it typically shows up as smooth arcs. And on a login form, for example, a bot has no incentive to click anywhere but the username and password fields and the submit button.

The mouse movements and clicks for genuine users will be much less efficient than a bot or fraudster.

Fraudulent manual interactions are right in the middle when it comes to efficiency. They’re going to be more efficient than good human interactions, but not as efficient as bot interactions. Let’s examine this hypothetical: a user logging into their financial application to add a payee and send a sum of cash. A real user would likely have to search out the “add payee” button because they don’t add a payee every day, which would add a second or two to the workflow. It’s possible an imposter adds payees hundreds of times per day, so they would be able to navigate that workflow extremely quickly.
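An added example (not from the original article or from Shape) covering indicators 2 and 4 together: it scores a session's pointer events for sub-millisecond gaps, repeated or formulaic click coordinates, and ruler-straight paths. Event streams and thresholds are constructed.

```python
import math

# Constructed pointer events: (timestamp_ms, x, y, kind), kind is "move" or "click".
HUMAN_SESSION = [
    (0, 100, 400, "move"), (40, 130, 370, "move"), (85, 180, 350, "move"),
    (130, 210, 310, "move"), (170, 240, 305, "move"), (200, 250, 300, "click"),
    (900, 255, 310, "move"), (1300, 300, 420, "move"), (1350, 310, 400, "click"),
    (2100, 330, 395, "click"),  # idle click on nothing in particular
]
BOT_SESSION = [  # straight path, events 1 ms apart, same pixel clicked three times
    (0, 100, 400, "move"), (1, 150, 375, "move"), (2, 200, 350, "move"),
    (3, 250, 325, "move"), (4, 300, 300, "click"), (4, 300, 300, "click"),
    (5, 300, 300, "click"),
]

def straightness(points):
    """Path length over end-to-end distance: exactly 1.0 for a perfectly straight
    line, larger for the wandering paths humans produce."""
    path = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    direct = math.dist(points[0], points[-1])
    return path / direct if direct else float("inf")

def collinear(points, tol=1.0):
    """True when every distinct click lies (within tol px) on the line through the
    first two, i.e. the coordinates follow a formula rather than a hand."""
    distinct = list(dict.fromkeys(points))
    if len(distinct) < 3:
        return False  # identical points are reported separately as repeated_xy
    (x0, y0), (x1, y1) = distinct[0], distinct[1]
    dx, dy = x1 - x0, y1 - y0
    norm = math.hypot(dx, dy)
    return all(abs(dx * (y - y0) - dy * (x - x0)) / norm <= tol for x, y in distinct[2:])

def session_signals(events):
    """Per-session features for the indicators described in the text."""
    moves = [(x, y) for _, x, y, k in events if k == "move"]
    clicks = [(x, y) for _, x, y, k in events if k == "click"]
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    return {
        "min_gap_ms": min(gaps),                        # humans cannot act within a few ms
        "repeated_xy": len(clicks) - len(set(clicks)),  # same pixel clicked again
        "formulaic_clicks": collinear(clicks),          # clicks on a straight line
        "straightness": round(straightness(moves), 3),  # ~1.0 means no human wobble
    }

def is_synthetic(sig):
    return (sig["min_gap_ms"] < 5 or sig["repeated_xy"] > 0
            or sig["formulaic_clicks"] or sig["straightness"] < 1.02)
```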

5. Spoofed user agent strings

In addition to collecting behavioral biometrics, it’s also important to look at the environment the traffic is coming from. Shape will look at how emojis are rendered to determine whether or not traffic is being spoofed. Emojis render differently on different platforms and applications. So if a user agent string purports to be Chrome, but the browser renders emojis the way Firefox does, it’s likely fraudulent traffic. A genuine user would have no incentive to lie about their user agent string.

A spoofed browser may render emojis differently than the browser identified in the user agent string.

Similarly, you can look at how very large hexadecimal numbers are converted on each platform. Shape has developed JavaScript code that asks the browser to convert a hexadecimal value to decimal. Different browsers will give different answers due to the way they choose to round. The difference is negligible, but enough to help identify which browser the traffic is coming from. Again, if the user agent string tells us the traffic is coming from Chrome, but the browser converts the hexadecimal like Firefox, then we know it’s fraudulent.

6. Spoofed HTTP header data

Oftentimes, imposters will try to spoof the HTTP headers sent to the website or application, but they will struggle to get everything correct. Therefore, the headers can provide a lot of useful signals that the traffic is fraudulent.
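An added example (not from the original article or from Shape) of the header-consistency idea in indicators 5 and 6: the headers accompanying a request are compared with what the browser family claimed in the User-Agent normally sends. The expectations table (Chrome sending Client Hints, Firefox not) is an assumption for illustration and should be calibrated from sessions known to be genuine; all request samples are constructed.

```python
import re

# Constructed expectations table: headers a current release of each browser family
# normally sends on a navigation. Assumption for illustration; calibrate it from
# headers observed on sessions you know to be genuine.
EXPECTED = {
    "chrome": {"required": {"sec-ch-ua", "sec-ch-ua-mobile", "sec-ch-ua-platform",
                            "sec-fetch-mode", "accept-language"},
               "forbidden": set()},
    "firefox": {"required": {"sec-fetch-mode", "accept-language"},
                "forbidden": {"sec-ch-ua"}},  # assumed: Firefox sends no Client Hints
}

def ua_family(user_agent):
    """Coarse browser family claimed by the User-Agent string."""
    ua = user_agent.lower()
    if "firefox/" in ua:
        return "firefox"
    if "chrome/" in ua and "edg/" not in ua:
        return "chrome"
    return "other"

def header_inconsistencies(headers):
    """Reasons the header set does not match the browser the User-Agent claims."""
    h = {k.lower(): v for k, v in headers.items()}
    family = ua_family(h.get("user-agent", ""))
    if family not in EXPECTED:
        return ["unrecognised user agent family"]
    rules = EXPECTED[family]
    reasons = [f"missing {n}" for n in sorted(rules["required"] - set(h))]
    reasons += [f"unexpected {n}" for n in sorted(rules["forbidden"] & set(h))]
    if family == "chrome" and "sec-ch-ua" in h:
        # The major version in the UA string must reappear in the Client Hints brand list.
        major = re.search(r"chrome/(\d+)", h["user-agent"].lower())
        if major and f'v="{major.group(1)}"' not in h["sec-ch-ua"]:
            reasons.append("sec-ch-ua version disagrees with user-agent")
    return reasons

# Constructed samples: a Chrome navigation, and a script that copied only the UA string.
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
GENUINE_CHROME = {
    "User-Agent": CHROME_UA,
    "Sec-CH-UA": '"Chromium";v="120", "Google Chrome";v="120", "Not-A.Brand";v="99"',
    "Sec-CH-UA-Mobile": "?0", "Sec-CH-UA-Platform": '"Windows"',
    "Sec-Fetch-Mode": "navigate", "Accept-Language": "en-US,en;q=0.9",
}
SPOOFED_CHROME = {"User-Agent": CHROME_UA, "Accept": "*/*"}
```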

Many of these indicators can’t be uncovered with standard application security monitoring. With the addition of a tool like Shape—that incorporates advanced client-side signals, behavioral biometrics, network signals, machine learning, and artificial intelligence—we can improve the efficiency and effectiveness of application fraud detection and response. To learn more about how to incorporate Shape or other application security tools into your network infrastructure, contact Kudelski Security here.