Attackers are adapting and evolving to give themselves the best chances for success when they commit account takeover or other fraudulent attacks, often attempting to work around bot-detection tools to enable greater efficiency with automated attacks.
A recent report titled 2019: Fraud risk at a glance by NuData Security, a Mastercard company, shows some of the major fraud trends in 2019. One of these trends was the decrease in basic attacks and the growth of sophisticated attacks that focus on quality rather than volume.
There are some key differences between basic and sophisticated attacks. A basic attack focuses on high volume rather than quality. Basic attacks don’t attempt to emulate user behavior or browser interactions, nor do they typically execute JavaScript. Sophisticated attacks, however, will show lower volume in many cases but attempt to emulate user behavior. Sophisticated attacks will also display expected browser or application behavior and run scripts in the environment to create human-like interactions.