Guest:

  • Shawn Valle is the former Chief Information Security Officer at Rapid7

The World of Online Platform Abuse and Fraud


In Episode 3 of Know Your Adversary, our discussion takes a look into the world of online platform abuse and fraud. We explore threat actors’ use of bots to make bulk purchases online. We also tell the story of a security researcher on the wrong side of the law. Learn about the path he took from disclosing a breach to demanding a ransom payment. Shawn tells us about two major threats he faced prior to taking on his current role. Each of those threats warranted different levels of attribution. In the first case, he was faced with bot programmers who abused the platform to “cut in the digital line” when major retailers were having online sales. In the second case, he was faced with a security researcher who compromised a third-party supplier, exfiltrated sensitive data, and threatened to go public if a ransom payment was not made. Our guest is former Chief Information Security Officer at Rapid7, Shawn Valle.

Here are some of the key takeaways from the episode:

Different types of fraud, but similar techniques. While fraud on technology platforms differs from fraud against other industries, many of the techniques used to combat the abuse are the same. This is especially true when it comes to threat actor engagement.

Whether we are discussing “Trust and Safety” issues related to online platforms or fraud related to scams against employees, applications, or customers, both types of exploits result in reduced consumer confidence. In both cases, as Shawn explains, organizations must take aggressive steps to engage directly with threat actors to stop and attribute the fraud and ensure confidentiality, integrity, and availability of services.

Not all levels of e-crime require attribution and unmasking. The extent to which a victim will pursue threat actors varies. Many fraud prevention programs exist simply to identify the tactic being used to commit the fraud and ensure the fraud stops so the product or service can function properly. In many cases, the effort necessary to identify, pursue, and arrest the fraudsters is simply not worth the resources.

Many levels of loss and reputation impact do require attribution. As we discussed in last month’s episode with Randy Pargman, when security researchers or insider threats make contact with a victim and demand a sizable payment under threat of public disclosure, attribution that goes beyond tactics and techniques is necessary. Shawn discusses another real-world example.
