Blog

Jul 09, 2023

SlashNext Report Shines Light on Scope of Airbnb Fraud

Home » Security Boulevard (Original) » SlashNext Report Shines Light on Scope of Airbnb Fraud SlashNext, a provider of a platform for securing browsers, email and mobile applications, today published

Home » Security Boulevard (Original) » SlashNext Report Shines Light on Scope of Airbnb Fraud

SlashNext, a provider of a platform for securing browsers, email and mobile applications, today published a report detailing how cybercriminals are using a combination of infostealers and stolen browser cookies to set up fraudulent websites offering 50% discounts on Airbnb bookings.

Cybercriminals use malware known as “stealers” to obtain information such as usernames and passwords by transferring log data from a browser to an external server or, alternatively, via email or chat application.

SlashNext CEO Patrick Harr said Airbnb has become a favored e-commerce target for these types of attacks, many of which start by buying Airbnb account cookies on various online forums. Cybercriminals then gain temporary access to Airbnb accounts without needing the relevant usernames and passwords.

While these attacks are fairly common overall, in the case of Airbnb, they have reached the “cookie monster” level of scale, he added.

Less clear is whether these types of cyberattacks that target cookies—the foundation of most e-commerce applications—will eventually result in loss of consumer confidence as the number of fake storefronts increases.

Various alternatives to cookies have been advanced over the years with limited adoption. This is mainly because cookies play a significant role in improving the overall performance of web applications.

The only way to thwart these types of attacks is to detect and apply counter measures in real-time, which will require organizations to invest in various forms of artificial intelligence (AI) technologies capable of achieving that goal, noted Harr.

SlashNext has been making a case for using a mix of machine learning algorithms and LLMs it developed to identify and remove, for example, phishing and business email compromise (BEC) attacks from email. Collectively, those capabilities make it possible to use AI to, for example, identify attacks based on tone, intent and other tactics. At the core of those capabilities is a database that analyzes 700,000 potential threats per day.

At this point, it’s not so much a question of if cybersecurity teams will rely more on AI but rather to what extent. AI was initially greeted with skepticism by many cybersecurity professionals, but as it evolves and the volume and sophistication of cyberattacks continue to increase, it’s becoming apparent that few cybersecurity teams will want to do without it. It’s simply not likely there will be enough cybersecurity professionals available to fill all the existing open positions any time soon, so the only alternative is to rely more on automation enabled by AI.

In fact, given the inherent stress involved in securing IT environments, most cybersecurity professionals will soon not want to work for organizations that can’t provide them with the tools required to succeed. Of course, cybercriminals are looking to make similar AI investments; in effect, organizations of all sizes are now locked into an AI arms race. The only thing that remains to be seen is how many sophisticated attacks—using platforms such as WormGPT—will be launched before cybersecurity teams are able to respond in kind.