By Inwook Hwang, Director of S2W
In the field of cybersecurity, threats are typically understood as dangers that take advantage of the vulnerabilities in hardware and software. However, a new type of cybersecurity threat is emerging that involves exploiting internet platforms and e-commerce systems in order to steal profits from other users or the platform itself. This threat does not rely on sending malicious packets or modifying system permissions, but rather on generating a large volume of transactions or manipulating the reputation of users.
In recent years, my team has encountered this kind of threat many times, and we have continued to work with various partners to address their issues. In this article, I would like to share our experiences with them. Below are some of the examples regarding this threat.
First is cross trading. Cross trading is the act of buying and selling securities or products with several different accounts owned by the same person. This can be done more easily in online markets, where one person can generate multiple accounts and use them to take advantage of the system. It is very challenging to detect suspicious trading in online markets compared to traditional financial markets.
There are various benefits that attackers can obtain through cross trading. For example, attackers can manipulate the market price of the goods being traded. It has been reported that this behavior has occurred often recently in the virtual asset market and the high-priced collection market. Moreover, many online platforms offer per-trade rewards to attract users. The attackers can earn huge rewards by repeated cross trading. In addition, attackers gain a reputation as reliable sellers by increasing their number of transactions. It is also notable that the benefits and effects that should be enjoyed by users and the platform are sacrificed.
Secondly, there are fake reviews. Fake reviews are an increasingly common issue in online markets and applications. They can be used to manipulate the ratings of a particular product or service, ultimately misleading consumers. This can be harmful to both consumers and platforms, as it undermines the trustworthiness of the review system.
A large number of the fake reviews these days are written by paid and organized groups in order to boost an abuser’s reputation. Our team also has encountered and dealt with this issue while working with big internet market players. We have found that the organized fake reviews are especially prevalent on open market platforms and delivery apps where users are heavily affected by the feedback of others when making purchasing decisions.
Impersonation is the last challenge that users should be aware of. Attackers can use fake accounts imitating celebrities or famous brands in order to deceive victims. They convince victims to invest their money or install malicious applications. More serious hackings or fraud incidents can then follow.
We are searching for these imitated accounts and web pages using image detection on newly created social media accounts and domains, and the number is significant. For example, a gambling site illegally using the image of Suzy, a famous Korean singer, was discovered. Furthermore, there were Kakao Talk channels impersonating Syuka World, a famous investing influencer from YouTube.
As the internet has become a more preferred communication channel for celebrities and companies, this type of attack is becoming more widespread. Surprisingly, under the current Korean law, making a profile similar to another person in cyberspace is not illegal, which contributes to the prevalence of this type of attack.
How can we prevent and respond to these attacks? One of the easiest ways to prevent these attacks is to enhance authentication during signing up and the logging in. This helps to establish the identities of the users and reduces the aforementioned vulnerabilities. However, for the service providers who are focused on rapid business expansion, strong authentication or access control may not be a viable option. In this sense, it can be said that these vulnerabilities are intended to facilitate rapid growth.
Instead, it is important for the service providers to carefully consider the trade-offs between security and growth and implement appropriate measures that will not hinder the experience of most normal users. In our experience, approaches based on algorithms and data analysis techniques have proven effective enough to defend against attacks of this type. Some specific strategies include:
● Inferencing user identities from multiple types of information, such as accessed IP, device information, and user location
● Using graph-based clustering to detect suspicious user groups based on user actions, such as login and logout, clicks, chats, purchases, and searching
● Applying text mining techniques and image processing to detect fake sites and accounts
It is important to note that no single approach is sufficient, and a combination of strategies is often needed to effectively implement a defending system. It is also essential to continuously monitor threats and update countermeasures to stay ahead of evolving attackers, as is common in adversarial machine learning.
As more of our economic activities have moved to the internet due to COVID-19, the new types of attacks mentioned above have increased rapidly and have become an increasingly serious business risk. It is time to thoughtfully address these new kinds of threats and attacks.
[email protected] Follow the author
About the author
Inwook Hwang is a director at S2W R&D center, where he works to make the internet a safer place through the development of innovative solutions for detecting and preventing suspicious transactions and counterfeit goods. His team’s efforts have been adopted by the leading e-commerce companies such as Bungaejangter, Coupang, and Kream. Prior to his current position, he was a research staff at TmaxSoft, Samsung Electronics, and Atto Research. He received his B.S. degree and M.S. degree in computer science and engineering from Seoul National University.
