uTalk

Official forum for Utopia Community


#1 2023-05-31 23:13:15

thrive
Member
Registered: 2023-01-04
Posts: 1,974

CAPTCHA-Breaking Services Assisted by Human Solvers in Defeating Security

Cybersecurity experts issue a warning about CAPTCHA-breaking services that are being sold as a way to get around filters that separate human users from bot traffic.

"Several services that are primarily geared toward this market demand have been created," Trend Micro said in a report released last week. "Cybercriminals are keen on breaking CAPTCHAs accurately."

"Instead of breaking CAPTCHAs using [optical character recognition] techniques or sophisticated machine learning methods, these CAPTCHA-solving services farm out CAPTCHA-breaking tasks to actual human solvers."

Completely Automated Public Turing Test to Tell Computers and Humans Apart, or CAPTCHA, is a tool that distinguishes between authentic human users and automated users in order to fight spam and prevent the creation of fake accounts.

In spite of the fact that CAPTCHA mechanisms can be annoying to users, they are thought to be a useful defense against attacks from bot-generated web traffic.

The illegal CAPTCHA-solving services operate by channeling customer requests through their human solvers, who then figure out the answer and send the results back to the users.

Additionally, the ability to send the CAPTCHA in real-time via API calls to the service provider, who then sends the responses programmatically, makes the entire workflow accessible to bot operators.


According to security researcher Joey Costoya, "this makes it easy for the users of CAPTCHA-breaking services to develop automated tools against online web services." "And because real people are completing CAPTCHAs, the goal of preventing automated bot traffic through these tests is defeated."

But that's not all. Threat actors have been seen buying CAPTCHA-breaking services and combining them with proxyware options to mask the source IP address and get around antibot defenses.

Proxyware effectively transforms the devices it runs on into residential proxies, despite being marketed as a utility to share a user's unused internet bandwidth with third parties in exchange for "passive income."

The task requests coming from a bot are routed through a proxyware network in one instance of a CAPTCHA-breaking service that targets the well-known social commerce marketplace Poshmark.

Although CAPTCHAs are frequently used to stop spam and bot abuse, Costoya claimed that their effectiveness has decreased due to the rise of CAPTCHA-breaking services. "Online web services are able to block the IP addresses of abusers, but the widespread use of proxyware has rendered this technique useless, just like CAPTCHAs."

Online web services are advised to use additional anti-abuse tools in addition to IP blocklisting and CAPTCHAs to reduce such risks.
