Recently, AWS "Security Day" was held in Hong Kong. Industry experts from AWS, financial institutions, and security companies discussed the role of cybersecurity in the era of AI and its multifaceted impact on the security landscape. AISecureus technical experts shared insights on the current prevalent forms of cyber fraud, cutting-edge anti-fraud products, and illustrated the practical effects of anti-fraud measures through two case studies.
Four Common Forms of Cyber Fraud
Device fraud, application fraud, account fraud, and marketing fraud are various types of cybercrime in the digital age where fraudsters exploit technology. These activities not only infringe upon users' property and privacy but also distort the fair competition environment in the market. They present significant challenges to enterprises' security defenses and resource allocation, necessitating an increase in security awareness among users and enhanced technical defenses by enterprises to build a safer network environment.
- Device Fraud: Fraudsters use emulators to forge device properties to register a large number of fake accounts. These fake accounts are used for "bonus hunting" and "fake transactions." Through an automated tool known as a "device farm," fraudsters can easily manipulate these accounts in bulk, increasing the concealment and scale of the fraud. Device fraud not only undermines the fairness of corporate promotional activities but also leads to resource wastage. More seriously, this behavior may result in the depletion of resources for real users and even the leakage of sensitive user information.
- Application Fraud: Application fraud involves fraudsters hacking, tampering with, or forging apps or embedding malicious code, and then relaunching these compromised applications. These malicious apps can steal users' accounts, funds, and other sensitive information. Application fraud poses a severe threat to users' property security and may lead to the leakage of users' privacy. As more users rely on mobile applications for daily operations, the harm of this fraud method becomes increasingly significant.
- Account Fraud: Account fraud typically involves cracking account passwords, spoofing logins, and gaining access to victims' accounts to defraud their acquaintances, colleagues, or friends. This type of fraud often utilizes social engineering techniques to deceive the victim into trusting the fraudster, thereby achieving the fraudulent goal. Account fraud can not only lead to direct financial losses for the victim but also result in severe privacy breaches, potentially affecting the victim's personal and professional life.
- Marketing Fraud: Marketing fraud refers to fraudsters using professional tools to register fake accounts, thereby snatching marketing benefits, occupying user resources, and fabricating promotion effects. This not only prevents companies' marketing budgets from generating actual results but also leads to decision-making biases within the company. Such fraudulent behavior not only wastes corporate resources but may also impact the fairness of market competition, leading to the formation of an unhealthy competitive environment.
Three Major Anti-Fraud Products
Effectively combating these fraudulent activities requires joint efforts from users and enterprises to raise security awareness and adopt advanced technical measures to prevent and respond to potential risks. Only by doing so can we ensure the safety of users' funds and information in an increasingly complex online environment. AISecureus technical experts provided a detailed introduction to anti-fraud products such as App hardening, CAPTCHA, and Device Fingerprinting.
- Identifying Device Risks: AISecureus Device Fingerprinting works by integrating information from multiple devices, generating a unified and unique Device Fingerprint for each device. A multidimensional identification strategy model based on device, environment, and behavior is established to identify risk devices such as those under the control of virtual machines, proxy servers, or emulators. It analyzes whether devices exhibit abnormal or non-user-like behaviors, such as multiple account logins, frequent IP address changes, or frequent changes in device attributes. This helps trace and identify fraudulent activities, enabling companies to operate under the same ID across all channels and assist in cross-channel risk identification and management.
- Ensuring Application Security: AISecureus's adaptive App hardening, based on Graph Neural Network technology, deeply analyzes and extracts code features, automatically selecting appropriate methods for obfuscation according to the characteristics of different code blocks. This significantly increases the difficulty of reverse engineering while reducing computational performance consumption by 50%. Through its encryption obfuscation engine, the app code is encrypted, obfuscated, and compressed, greatly enhancing the security of the app code and effectively preventing products from being cracked, copied, or repackaged by attackers.
- Protecting Account Security and Preventing Malicious Registrations and Logins: AISecureus atbCAPTCHA, based on AIGC technology, can prevent threats such as AI brute force cracking, automated attacks, and phishing attacks, effectively preventing unauthorized access, account theft, and malicious operations, thereby protecting system stability. It integrates 13 verification methods and various defense strategies, with a collection of 4,380 risk strategies, 112 categories of risk intelligence, covering 24 industries and 118 types of risks. Its defense accuracy reaches 99.9%, and it can quickly transform from risk to intelligence. It also supports seamless user pass-through security, reducing the real-time response and processing time to within 60 seconds, further enhancing the convenience and efficiency of digital login services.
Two Client Case Studies
AISecureus technical experts delved into the practical applications of their technology in the financial sector and the aviation industry, showcasing their outstanding capabilities in addressing security threats.
In one case, a well-known mobile banking application experienced a severe vulnerability attack, where attackers attempted to exploit multiple vulnerabilities across the client, H5 pages, and web end. Notably, through port vulnerabilities, attackers aimed to conduct mass registration, mass login, and mass order grabbing, posing significant security risks to the banking system. To address this challenge, the bank deployed the AISecureus App hardening solution. This solution provided comprehensive encryption protection for the client, stored data, keys, and data transmission through a powerful security SDK. The results showed that after deployment, all attempted intrusions and cracking activities were successfully blocked, ensuring the app's security while maintaining efficient operation.
Another case involved a large airline, whose ticketing system once faced massive malicious bot attacks, leading to the malicious occupation of system resources. Data showed that as much as 90% of search requests were from malicious bots, severely impacting the search experience for regular users. After deploying the AISecureus solution, high-risk search requests quickly dropped from the initial 5% to just 0.008%, medium-risk search requests decreased significantly from 90% to 24.5%, and normal search requests increased from 5% to 75%. These figures not only demonstrated AISecureus's efficiency in countering malicious attacks but also significantly improved user experience and system performance.
This "Security Day" event was the first of its kind held by AWS in Hong Kong in 2024, with the core concept of sharing intelligence. It aimed to provide participants with fundamental knowledge of cloud computing security and share various new technologies to help enterprises enhance security awareness.