SpyCloud launched Session Identity Protection, a transformative early warning system designed to prevent trusted user fraud, one of the hardest forms of fraud to detect.
The new offering is powered by SpyCloud’s malware intelligence, which surfaces credentials and session tokens stolen from consumers by prevalent infostealers.
Existing anti-fraud solutions offer a fragmented overview of user activity and are often designed to determine if a user is a bot or a human. Session Identity Protection, however, is the only solution to expand on standard fraud and browser checks to identify consumers whose session or trusted device cookies have been compromised or collected by malware. This gives tech firms, financial services companies, and retailers more comprehensive visibility into an untouched area of at-risk and exposed consumers, allowing them to mitigate the risk of hijacked sessions.
“There are virtually no indicators that differentiate a legitimate user from a criminal using an anti-detect browser and stolen session cookie data. They look nearly identical, down to their geofenced IP, browser version, OS version, and even screen resolution,” said Jacob Wagh, Senior Product Manager at SpyCloud. “In some cases, analysis of SpyCloud’s database of recaptured breach and botnet data shows stolen session cookie data indicating a risk of fraud before the credentials connected to an associated account have even been compromised.”
Threat actors using stolen credentials often face the challenge of bypassing multifactor authentication (MFA), device ID checks, and newer browser fingerprinting anti-fraud technologies. However, in recent years, criminals have learned how to bypass these protections by relying on “anti-detect” browsers that can emulate a legitimate user’s trusted device and browser fingerprint. These tools are powered by a constant stream of malware infections that steal credentials, session cookies and other browser data – all available for sale on the dark web.
Trusted user fraud is one of the hardest forms of fraud to detect because it allows criminals to mimic legitimate users who have been compromised by malware. By accessing active sessions through common ‘remember me’ features, criminals can bypass the points of authentication where they are at the highest risk of detection.
SpyCloud Session Identity Protection helps prevent trusted user fraud by providing:
- Early warning of users who are victims of active malware infections – sometimes well before their credentials on a site are even stolen, allowing customers to proactively reach out to high-value consumers and build trust.
- The ability to identify and invalidate any active sessions tied to a compromised cookie or belonging to consumers infected by malware like RedLine Stealer and other insidious infostealers.
- Protection from attackers leveraging stolen cookies to mimic trusted devices for high-value accounts.
- The ability to flag user accounts with known compromised devices for increased scrutiny of future logins and transactions (regardless of cookie expiration time).