CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

May 30, 2023 | Ravie Lakshmanan


Cybersecurity researchers warn of CAPTCHA-breaking services being marketed to bypass systems designed to distinguish legitimate users from bot traffic.

“Cybercriminals are keen to crack CAPTCHAs accurately, which is why several services have been created primarily to meet the demands of this market,” Trend Micro said in a report released last week.

“These CAPTCHA resolution services don’t use [optical character recognition] technology or advanced machine learning techniques. Instead, they assign the task of breaking the CAPTCHA to a real human solver.”

CAPTCHA (which stands for Completely Automated Public Turing test to tell Computers and Humans Apart) is a tool for distinguishing real human users from automated ones, designed to help combat spam and limit the creation of fake accounts.

Although CAPTCHA mechanisms can be disruptive to the user experience, they are considered an effective means of combating attacks from bot-originated web traffic.

CAPTCHA-breaking services work by collecting requests submitted by customers and delegating them to human solvers. The solver works out the answer and sends it back to the customer.

This is accomplished by calling one API to submit the CAPTCHA and a second API to fetch the result.
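The two-call workflow described above, as an added simulation that is not code from the Trend Micro report or from any real service. The broker is a queue between customers and human solvers; the target site only ever sees the correct answer come back inside the bot's own session. Endpoint names, the constructed challenge text and the 12-second human solve time are assumptions.

```python
"""Added example: simulation of a human-solver CAPTCHA broker (not real code)."""
from dataclasses import dataclass
from itertools import count
from typing import Optional


class FakeClock:
    """Deterministic stand-in for time.monotonic() so latencies are reproducible."""
    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds


@dataclass
class Task:
    challenge: str                 # the CAPTCHA as shipped to the broker
    submitted_at: float
    answer: Optional[str] = None
    solved_at: Optional[float] = None


class SolverBroker:
    """The CAPTCHA-breaking service: a queue between customers and human solvers."""
    def __init__(self, clock):
        self.clock = clock
        self._ids = count(1)
        self._tasks = {}
        self._pending = []         # FIFO of task ids waiting for a human

    def submit(self, challenge):               # API call 1: hand in the CAPTCHA
        tid = next(self._ids)
        self._tasks[tid] = Task(challenge, self.clock.now)
        self._pending.append(tid)
        return {"task_id": tid}

    def get_result(self, tid):                 # API call 2: poll for the answer
        t = self._tasks[tid]
        if t.answer is None:
            return {"status": "pending"}
        return {"status": "ready", "answer": t.answer,
                "latency_s": t.solved_at - t.submitted_at}

    def human_solves_next(self):               # no OCR, no ML: a person reads it
        tid = self._pending.pop(0)
        t = self._tasks[tid]
        # Simulates a human reading the image; here the "image" is a tagged string.
        t.answer, t.solved_at = t.challenge.split(":", 1)[1], self.clock.now
        return tid


class TargetSite:
    """Issues a challenge bound to a session and checks the answer it gets back."""
    def __init__(self, clock):
        self.clock = clock
        self._issued = {}          # session -> (expected answer, issued_at)

    def issue_challenge(self, session, expected="x7kq2p"):   # constructed answer
        self._issued[session] = (expected, self.clock.now)
        return "distorted-image-of:" + expected              # stands in for image bytes

    def verify(self, session, answer):
        expected, issued_at = self._issued.pop(session)
        return {"ok": answer == expected, "solve_time_s": self.clock.now - issued_at}


def run_flow():
    """One bot session end to end; returns both polls and the site's verdict."""
    clock = FakeClock()
    site, broker = TargetSite(clock), SolverBroker(clock)
    image = site.issue_challenge("bot-session-1")
    tid = broker.submit(image)["task_id"]
    first_poll = broker.get_result(tid)       # nobody has looked at it yet
    clock.advance(12.0)                       # assumed human solve time
    broker.human_solves_next()
    second_poll = broker.get_result(tid)
    verdict = site.verify("bot-session-1", second_poll["answer"])
    return first_poll, second_poll, verdict


if __name__ == "__main__":
    print(run_flow())
```

The only artifact the target site can observe from this exchange is the delay between issuing the challenge and receiving a correct answer, and that delay overlaps with what a genuine user produces, which is why the CAPTCHA verdict on its own is a weak signal.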


“This makes it easier for customers of CAPTCHA-breaking services to develop automated tools against online web services,” said security researcher Joey Costoya. “And a real human solving the CAPTCHA defeats the purpose of filtering automated bot traffic through these tests.”

That’s not all. A threat actor has been observed purchasing a CAPTCHA-breaking service and combining it with a proxyware product to hide their originating IP address and circumvent anti-bot barriers.


Proxyware is marketed as a utility that shares a user’s unused internet bandwidth with other parties in exchange for “passive income,” but it essentially turns the device running it into a residential proxy.

In one instance of a CAPTCHA-breaking service being used against the popular social commerce marketplace Poshmark, task requests originating from bots were routed through a proxyware network.

“CAPTCHA is a common tool used to prevent spam and bot abuse, but the increasing use of CAPTCHA-breaking services has made CAPTCHAs less effective,” Costoya said. “Online web services can block the originating IP of an abuser, but the increasing adoption of proxyware has made this method as brittle as CAPTCHAs.”

To mitigate such risks, online web services are advised to supplement CAPTCHAs and IP blocklists with other anti-abuse tools.
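One such supplementary check, as an added example that is not from the Trend Micro report or any vendor: correlate a client-side device fingerprint with the source IPs and ASNs it is seen from. A bot routed through rotating proxyware changes IP but keeps its fingerprint, and a CAPTCHA solved out-of-band by a human still comes back inside that same bot session, so a 100% CAPTCHA pass rate proves nothing. The log fields (`device_fp`, `asn`, `captcha_ok`), the constructed sample lines and all thresholds are assumptions.

```python
"""Added example: fingerprint-to-IP correlation over constructed signup logs."""
import json
from collections import defaultdict

# Constructed sample log (JSON lines, epoch-second timestamps), not real traffic.
# fp-A: one fingerprint, six IPs in three ASNs within five minutes, every CAPTCHA passed.
# fp-B..fp-D: ordinary users, including three different devices behind one NAT address.
SAMPLE_LOG = """
{"ts":1685400000,"device_fp":"fp-A","ip":"198.51.100.10","asn":"AS64500","captcha_ok":true}
{"ts":1685400060,"device_fp":"fp-A","ip":"198.51.100.11","asn":"AS64500","captcha_ok":true}
{"ts":1685400120,"device_fp":"fp-A","ip":"198.51.100.12","asn":"AS64500","captcha_ok":true}
{"ts":1685400180,"device_fp":"fp-A","ip":"192.0.2.20","asn":"AS64501","captcha_ok":true}
{"ts":1685400240,"device_fp":"fp-A","ip":"192.0.2.21","asn":"AS64501","captcha_ok":true}
{"ts":1685400300,"device_fp":"fp-A","ip":"203.0.113.30","asn":"AS64502","captcha_ok":true}
{"ts":1685400030,"device_fp":"fp-B","ip":"203.0.113.9","asn":"AS64502","captcha_ok":true}
{"ts":1685400090,"device_fp":"fp-C","ip":"203.0.113.9","asn":"AS64502","captcha_ok":false}
{"ts":1685400150,"device_fp":"fp-D","ip":"203.0.113.9","asn":"AS64502","captcha_ok":true}
"""


def parse_log(text):
    """Parse JSON-lines signup events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _max_in_window(events, window_s, measure):
    """Largest value of measure(slice) over any window_s-second span of sorted events."""
    best, start = 0, 0
    for end, e in enumerate(events):
        while events[start]["ts"] < e["ts"] - window_s:
            start += 1
        best = max(best, measure(events[start:end + 1]))
    return best


def analyze(log_text, window_s=600, max_ips=3, max_signups=4):
    """Per-fingerprint summary plus the reasons (if any) it looks like signup abuse.

    Thresholds are illustrative assumptions: more than max_ips distinct source
    IPs, or more than max_signups attempts, for one fingerprint inside window_s.
    """
    by_fp = defaultdict(list)
    for e in parse_log(log_text):
        by_fp[e["device_fp"]].append(e)

    report = {}
    for fp, evs in by_fp.items():
        evs.sort(key=lambda e: e["ts"])
        ips = _max_in_window(evs, window_s, lambda s: len({x["ip"] for x in s}))
        asns = _max_in_window(evs, window_s, lambda s: len({x["asn"] for x in s}))
        attempts = _max_in_window(evs, window_s, len)
        passed = sum(1 for e in evs if e["captcha_ok"])
        reasons = []
        if ips > max_ips:
            reasons.append(f"one fingerprint from {ips} IPs across {asns} ASNs in {window_s}s")
        if attempts > max_signups:
            reasons.append(f"{attempts} signup attempts in {window_s}s")
        report[fp] = {"attempts": attempts, "ips": ips, "asns": asns,
                      "captcha_pass_rate": passed / len(evs), "reasons": reasons}
    return report


def flagged(log_text, **thresholds):
    """Fingerprints that tripped at least one rule, sorted for stable output."""
    return sorted(fp for fp, r in analyze(log_text, **thresholds).items() if r["reasons"])


if __name__ == "__main__":
    for fp, summary in analyze(SAMPLE_LOG).items():
        print(fp, summary)
```

Keying on the fingerprint rather than the IP is what keeps the three users behind the shared NAT address (`fp-B`, `fp-C`, `fp-D`) from being caught while the rotating bot is. The fingerprint itself is client-supplied and can be randomised by a determined operator, so this is one signal to combine with others (rate limits, account-age gating, payment or phone verification), not a replacement for them.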
