Detecting Account Takeover Botnets
A botnet is a network of compromised computers, known as bots, usually controlled from a command and control (C2) server, that act in coordination for a malicious purpose.
In this blog post, we’ll discuss how to detect botnets used for account takeover (ATO), an attack in which the attacker gains control of a victim’s online account, typically by obtaining its valid login credentials. Depending on the type of account, the stolen credentials can then be used for a variety of criminal acts, such as identity theft, validating stolen credit cards, or redeeming stored gift card balances.
Let’s start by talking about the challenge of detecting ATO botnets.
Protecting a site from ATO attacks demands dedicated detection and mitigation techniques. Identifying the ATO botnet behind an attack is harder still: its traffic is spread across many IP addresses, so each individual IP contributes only a small, innocuous-looking slice of the activity, and the bots use further evasion techniques to stay unnoticed. In order to defend against an ATO botnet, we therefore first need to detect the ATO attack itself and only then identify the botnet operating behind it.
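To make the two-step idea concrete, here is an added toy example (not code from the original post) run over constructed login events. It shows a per-IP failed-login threshold missing a distributed credential-stuffing botnet, a site-wide failed-login count per time window still revealing the attack, and the IPs active in the flagged window being grouped by a shared characteristic (here the user agent string) to outline the botnet. The log layout, the thresholds, the 60-second window and the use of the user agent as the grouping key are all assumptions chosen for illustration.

```python
"""
Added example, not from the original post: a minimal two-step ATO detection
over constructed login events. All data, thresholds and field choices below
are assumptions for illustration only.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int            # seconds since an arbitrary epoch (constructed)
    ip: str
    user: str
    success: bool
    user_agent: str


def constructed_events():
    """Constructed sample: 30 ordinary logins plus a 20-bot credential-stuffing run."""
    events = []
    agents = [
        "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0",
        "Mozilla/5.0 (Macintosh) Safari/605.1.15",
        "Mozilla/5.0 (X11; Linux) Chrome/117.0",
    ]
    # Ordinary users: one login each from their own IP, spread over ten minutes,
    # with an occasional typo (every tenth login fails).
    for i in range(30):
        events.append(LoginEvent(i * 20, f"203.0.113.{i}", f"user{i}", i % 10 != 0, agents[i % 3]))
    # Botnet: 20 bots, 3 failed attempts each against *different* accounts,
    # all sharing one user agent, all inside the window starting at t=300.
    bot_ua = "Mozilla/5.0 (Windows NT 6.1) Chrome/90.0"
    for b in range(20):
        for k in range(3):
            events.append(LoginEvent(300 + b * 2 + k, f"198.51.100.{b}",
                                     f"victim{b * 3 + k}", False, bot_ua))
    return sorted(events, key=lambda e: e.ts)


def per_ip_suspects(events, threshold=5):
    """Classic per-IP rule: flag IPs with at least `threshold` failed logins."""
    failures = Counter(e.ip for e in events if not e.success)
    return {ip for ip, n in failures.items() if n >= threshold}


def detect_attack_windows(events, window=60, max_failures=5):
    """Step 1, detect the attack: flag time windows whose site-wide failed-login
    count exceeds what the site normally sees, regardless of source IP."""
    failures_per_window = Counter(e.ts // window for e in events if not e.success)
    return sorted(w for w, n in failures_per_window.items() if n > max_failures)


def identify_botnet(events, windows, window=60, min_members=5):
    """Step 2, find the botnet: among failed logins inside flagged windows, group
    source IPs by a shared fingerprint (user agent here) and keep large groups.
    Returns {fingerprint: sorted list of member IPs}."""
    flagged = set(windows)
    members = defaultdict(set)
    for e in events:
        if not e.success and e.ts // window in flagged:
            members[e.user_agent].add(e.ip)
    return {ua: sorted(ips) for ua, ips in members.items() if len(ips) >= min_members}


def main():
    events = constructed_events()
    print("per-IP suspects:", per_ip_suspects(events))          # empty: bots stay under threshold
    windows = detect_attack_windows(events)
    print("flagged windows:", windows)                            # [5] (t = 300..359)
    for ua, ips in identify_botnet(events, windows).items():
        print(f"cluster {ua!r}: {len(ips)} IPs, e.g. {ips[:3]}")


if __name__ == "__main__":
    main()
```

Each bot fails only three times, so a per-IP threshold of five never fires, and lowering it would simply push the operator to spread the attempts across more bots. The site-wide failure count per window is indifferent to how the attempts are distributed, which is why it catches the attack; the grouping in the second step then recovers the participating IPs from the flagged window alone, rather than from the whole log.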