This article originally appeared in Information Security Buzz on October 31, 2018.
Google is introducing reCAPTCHA v3, designed to detect bad traffic without user interaction.
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“reCAPTCHA makes a good addition to any website security toolkit. However, given the increasing sophistication of malicious campaigns, such tools can be undermined. For instance, bots can manipulate the automated actions that the risk scores will trigger. Moreover, bots are simply one among many threats bad actors can pose to websites. Addressing the broader spectrum of such threats will require website owners to police their digital assets by scanning them continuously in real time for any unauthorized actors and activities. This process is crucial because the biggest threats are internal and therefore harder to detect by traditional malware solutions. Chief among these internal threats are third party code suppliers who provide anywhere from 50%-95% of operating code to the sites, and in so doing can introduce to these digital assets vulnerabilities that bad actors are all too aware of.”