HeadHunter implemented Group-IB Preventive Proxy — smart protection against harmful bots

2020: Implementing solution for identification and blocking harmful a bot activity

On October 30, 2020 Group-IB, the international company specializing in prevention of cyber attacks reported that they together with HeadHunter, platform of online recruiting in Russia and the CIS, implemented the solution of Preventive Proxy for identification and blocking harmful a bot activity.

For October, 2020 up to 30% of all Internet traffic generate bots, helping the companies with sale of products and services. Bots answer frequently asked questions, help with the choice of tickets, the order of food or the taxi, downloading of music or sending sending. However not all bots are equally useful. Some of them are created for malicious actions – theft of these users, unauthorized transfers of payments, distribution of fake news, "sklikivaniye" of purchases in online stores or vacancies on the dzhob-websites, spam sending, fake reviews or an output of the websites out of operation. Such harmful activity has negative effect on operability of Internet resources and, as a result, on reputation of the companies.

hh.ru for a long time faces harmful bots, however, since 2019, we began to observe growth of their activity — the director of the department of special projects of HeadHunter Vitaly Terentyev notices. — Potential danger consists that bots try to select passwords to accounts of users of the website, illegally download content, can limit operability of a resource, having overloaded its bot requests. We adhere to preventive approach in all directions of cyber security and it allows us not to allow the critical incidents connected with an infrastructure compromise, date leak and also other risks of financial or image character.

Recently malefactors use more and more perfect bots emulating behavior of users therefore it becomes more difficult to calculate bots. The international analysts of Forrester turned on "bad" bots in top-5 the most relevant cyberthreats for Internet business. Making use of the experience of identification and prevention of fraudulent activity in web and mobile channels, Group-IB developed Preventive Proxy — the solution intended for fight against bots and which became a part of the Fraud Hunting Platform complex which daily protects 130 million users.

HeadHunter one of the first in Russia was implemented by "pilot" of Group-IB Preventive Proxy. In one week of testing to the website there were 26.9 million addresses, of them 1.1% were executed by harmful bots. For comparison: less than 1% were the share of requests to hh.ru from legitimate bots search engines (Yandex, Google, Mail, Bing). Despite high loading of the recruiting platform, the "piloted" Preventive Proxy precisely revealed and blocked vredosnosny activity, at the same time passing requests from the legitimate bots permitted by the hh.ru platform.

Based on piloting of hh.ru the solutions antifraud made the decision on adding of Preventive Proxy in the portfolio.

We are proud of the fact that our subsystem of the Fraud Hunting Platform complex passed tests in the company on online recruiting containing tens of millions of summaries and maintaining hundreds of thousands of responses a day — Pavel Krylov, the head on counteraction to online fraud of Group-IB company comments. — Work of Preventive Proxy is absolutely imperceptible for the visitor of the website, at the same time its digital profile is reliably protected from theft of the identification information, and parameters of the most user session will not be able to be used by harmful bots, thanks to the fact that the solution "remembers" the depersonalized information on behavior of the applicant from what devices he would not visit the website.

In general, according to Group-IB, up to 60% of activity of harmful bots also gaining access is the share of Credential stuffing (the attacks using the stolen credentials) to this by search of passwords). The skraping share (from engl. "scraping") — makes 30%. Another 10% are the share of other types of fraud.