IP Insights - Digital Element

The Role of Proxy Data in Fighting Cybercrime

Posted on January 30, 2020November 15, 2024 by jsisko

According to research firm Cybersecurity Ventures, the cost of global cybercrime will reach $10.5 trillion USD annually by 2025, up from the $3 trillion USD that it was in 2015.

Today’s enterprise IT professionals are clearly on the front lines of a very intense battle, where the losses span monetary, reputational, productivity and IP theft, to mention only a few.

In today’s world, new technologies usher in new tactics used by criminals. They can launch ransom attacks, take over networks, and illegally infiltrate consumer accounts through diverse devices from anywhere in the world.

By leveraging camouflage techniques, they can do so anonymously. Tools such as Virtual Private Networks (VPNs), proxy servers, queue networks, and Domain Name Systems (DNSs) allow them to hide their true identities and locations.

The reliance of cyber criminals on these tactics can be key to deciphering crime networks and their activities if businesses take the right approach.

Separate the Bad Guys from the Good Guys

A growing amount of internet traffic is being masked through proxies. For example, online users wanting to surf the web anonymously often use proxies that can provide them with a means to hide their IP address from the rest of the world.

By connecting to the internet through proxies, a device’s IP address will not be shown but rather the IP of the proxy server. Whether used intentionally or unintentionally, proxies can significantly throw off a company’s online initiatives.

The expanded availability of low-cost, IP-redirect options that run through geographically distributed hosting facilities have caused a proliferation of proxies. These include anonymizers, VPNs, and Tor services to name a few.

Cyber criminals, in particular, have found the use of proxies to be effective. But, it’s important to remember that not all proxies have malicious intent. VPNs are widely used by legitimate users for diverse purposes and are a popular choice for enhancing security and privacy. Recent data indicates approximately 26 percent of global online users access the internet using a VPN or proxy server.

As a result, stopping all VPN users is not practical. It increases the danger that real customers or employees are mistakenly labeled as crooks. If that is not enough, this method fails to discover the root of cybercrime. In order to mitigate risks and protect real users, companies must find the means to separate the bad guys from the good guys― and one of the tools for accomplishing this is the incorporation of IP-based VPN and proxy data into your platforms and technologies.

Data Accuracy Is Imperative for Fighting Cyber Crimes

By connecting to the internet through proxies, the IP address of the criminal’s device will not be shown accurately, but rather the IP of the proxy server.

The ability to identify if an online user is connected through a proxy and what type of proxy it is enables companies to flag potential criminal activities and set protocols for handling this type of “non-human” traffic differently.

Understanding the type of proxy a visitor is connecting to the internet with, such as anonymous, transparent, corporate, public, education or AOL, can trigger fraud alerts. Responses to the type of proxy can vary depending on what type of proxy it is―for example, an anonymous proxy may warrant a higher fraud score than a corporate one. By identifying connections that obscure the end-user location or those that seek to portray a connection from an “acceptable” city or country can now be easily identified and categorized.

Of course, success depends on data quality. Reliability of information can vary significantly among data sources. But the most accurate proxy data providers not only ensure that information is constantly updated on a daily basis, but that information also originates from excellent sources.

The Advantage of Other IP-Based Data

The analysis of criminal activity can go far beyond proxies. Initially, this may include an assessment of the connection type. For example, a hosting center can be a tool for traffic, not a source. Then traffic originating from it can be examined alongside existing records, such as information stored in a Customer Relationship Management (CRM) database. The same goes for proxy, VPN and queue servers. By evaluating the type of proxy used against the highest quality proxy data, companies can start distinguishing between a reliable VPN and a mechanism that is more suited to suspicious activity.

Beyond connection features, IP geolocation allows companies to run comparisons. For example, in retail, this includes the implementation of smart rules where IP location is automatically checked when there are log-ins from high-risk locations. Alternatively, companies can secure internal networks by tracking speed patterns and identifying suspicious trends, such as people jumping between locations at illogical speed or in illogical order.

After analysis, companies can choose their preferred mode of action. Any suspicious activity that poses a low threat can be flagged for a form of authentication, such as sending an email or SMS that allows the user to confirm their identities. In the meantime, serious threats can be blocked immediately to prevent damage. Alongside reducing false positives, this approach shows consumers that companies are committed to cybercrime prevention.

In order to thrive in the digital world, companies must equip themselves with tools that identify and exploit crooks and cyber criminals to strip them of their anonymity without jeopardizing real users―and this can be accomplished effectively and seamlessly through proxy data and other IP-intelligence factors.

Government Organizations Gaining Ground with IP Intelligence and Geolocation

Posted on August 8, 2019November 15, 2024 by jsisko

If you follow our blog posts, then you’d find us and our clients writing a lot about how IP data can be successfully applied across a number of traditional industries, from advertising to retail and streaming media to publishing.

Government, on the other hand, has been one business segment where the benefits of incorporating the use of geolocation and IP data can best be described as more like an “open secret.” However, with cyber and security risks ever increasing, more and more government organizations across all three levels―local, state and national―are now actively looking for more reliable and cost-effective solutions that can be delivered with IP intelligence data.

In recent years, the federal government has published several papers on cybersecurity, including Executive Order 13800 and the follow-on Cyber Risk Determination Report, the Trusted Internet Connection (TIC) paper, and NIST Special Publication 800-53 rev. 4 / National Vulnerability Database (NVD). All are particularly informative as to how cyber initiatives are being considered and managed by the government.

Specifically, NIST 800-53 and the NVD thoroughly address cybersecurity from start to finish, and the applicability of IP intelligence is clear and definitive. Contained within these documents are lists of low-, moderate-, and high-impact security controls.

Of particular interest is the list of “High Impact Controls” of which IP intelligence is either directly or indirectly referenced dozens of times. Example references from different sections of NIST 800-53 include, but are not limited to: AC-17 Remote Access, AU-3 Content of Audit Records, IA-4 Identifier Management, PL-8 Information Security Architecture, SC-7 Boundary Protection, and SI-4 Information System Monitoring.

Almost any agency has cyber, security, or controlled-access priorities. Some the typical agencies are those involved with intelligence, security, law enforcement, fraud and investigative missions. Agencies that need targeted notifications as well as geospatial or demographic information or perform network analysis and management are among the most common users. Our government clients include the National Nuclear Security Administration, U.S. Department of Energy, U.S. Department of Justice, Drug Enforcement Administration, and New York State.

Digital Element’s NetAcuity ^® technology offers accurate and time-relevant information about online entities, users and attack vectors such as location, proxy/VPN and more. By leveraging IP intelligence data, government organizations can proactively employ real-time intelligence about inbound and outbound network traffic; identify location and connection type information; uncover potential threats; and add critical intelligence to the investigation of cyber events. The most popular solutions for government include proxy identification with Pulse^TM and ZIP+4 geotargeting with PulsePlus^TM.

Examples of successful government applications include:

Cyber/anti-fraud: Identify incoming proxy and other circumvention tools used by bad actors or pinpoint the location of an originating IP to help prevent intrusion attempts.

Criminal investigations: Effectively sort through billions of IP and mobile connections for anomalous activity or connection types.

Intelligence community: By setting IP criteria, SIGINT and cyber analytics can be optimized and enhanced by reducing multiple orders of magnitude from billions of IP and mobile data points.

Credential verification: Compare and validate users’ IP information versus supposed origination location or proxy type.

Geofencing for inclusion/exclusion purposes: Set specific permissions or responses based on the location of IP- or mobile-based connections.

Targeted notifications: Alert users, specific geographic locations or system administrators of events based on location, domain or other criteria.

Server/network traffic analysis: Identify and analyze traffic patterns, location and connection types for IP- and mobile-based connections.

Content localization/customization: Allow for geographic, connection type or other criteria to be used to specify information, content or other personalized use cases.

As government organizations build their digital initiatives and bring increasingly more assets into the tech-enabled universe, more departments and agencies can easily and quickly apply IP intelligence to solve multiple cyber challenges on a number of fronts.

Learn more about our IP Geolocation solution here

Identify Proxies…Fight Click Fraud and Wasted Impressions

Posted on November 28, 2018November 18, 2024 by jsisko

Today’s digital world has become a mass online universe that constantly challenges marketers to find new and innovative ways to reach what is often a faceless and geographically dispersed audience.

If we’ve learned anything, it’s that location provides valuable insight into what is typically an anonymous audience online. A plethora of contextual information can be gleaned from knowing internet users’ locations in order to make marketing messages more personalized.

However, a growing amount of internet traffic is being masked through proxies. For example, online users wanting to surf the web anonymously often use proxies that can provide them with a means to hide their IP address from the rest of the world. By connecting to the internet through proxies, a device’s IP address will not be shown but rather the IP of the proxy server. Whether used intentionally or unintentionally, proxies can significantly throw off targeted marketing campaigns.

More Proxies Equals More Demand for IP-Based Data

A number of different proxies exist in today’s online world―for both legitimate and nefarious reasons. Detecting proxy traffic is an IP-based phenomenon. The presence and type of a proxy dictates how certain IP traffic is handled. For marketers, the ability to deploy technology that identifies and bypasses online users who may be masking their locations and digital personas means improvement in targeted campaign performance with fewer wasted impressions.

During the last year, we’ve seen a 25-to-50-percent increase in requests for proxy data. The demand is specifically coming from ad networks, analytics companies, video content providers, fraud-prevention solutions, and software providers with geographic rights restrictions.

For marketers, in particular, the inclusion of proxy information in their data arsenals works to improve efficiency and performance of content and message through: 1) Avoiding wasted impressions; 2) Fighting click fraud; and 3) Enhancing attribution and analytics. Recent research suggests that 28 percent of website traffic has shown strong “non-human signals.” Where there’s non-human traffic, there’s almost certainly ad fraud.

Proxy Data at Work

As we’ve discussed, relying on a proxy’s IP address location often leads to incorrect targeting and wasted impressions because the user is hiding his/her location behind a proxy. In the case of hosted or pay-per-click (PPC) ads, companies can utilize proxy data to combat malicious clicking that unnecessarily assesses charges to advertisers. Proxy information can also be incorporated into analytics to report on human versus non-human (i.e. invalid) ad traffic.

Several real-world examples of proxy data at work include:

AppsFlyer: The global leader in mobile attribution and marketing analytics, is proactively using proxy data to combat the real and growing problem of mobile ad fraud. It utilizes proxy data to give mobile marketers the clarity and confidence they need to optimize their campaigns and improve their overall performance by identifying responses from non-humans as well as uncovering uncertainties around their advertising traffic.

Sift: A mobile advertising technology provider utilizing artificial intelligence (AI) and machine learning includes proxy information with a full geolocation data arsenal to improve efficiency and performance of clients’ advertising―helping them avoid wasted impressions and fight click fraud as well as enhance attribution and analytics.

Knowing more about where internet users are accurately coming from as well as how they connect will help marketers improve the monetization of their online advertising and content. Learn more here about the different types of proxies that could negatively impact your online advertising campaigns as well as best practices for selecting a proxy data provider.