Threat Intelligence Report
Automation isn’t slowing down. Bots continue to scale faster than defenses, reshaping how fraud, resale, and credential theft occur online.
Threat Intelligence Report
Automation isn’t slowing down. Bots continue to scale faster than defenses, reshaping how fraud, resale, and credential theft occur online.
Automation isn’t slowing down
increase in account sales since Q2, demonstrating the rising profitability of account takeover (ATO).
a month was earned by a single reseller group, proving that botting isn’t just a hobby, it’s an organized business.
of all events were “basic attacks,” yet their scale and speed still overwhelm traditional defenses. .
A new wave of attacks
Traditional defenses can’t keep up. Kasada’s analysts tracked a surge of automation driven by AI, proxy networks, and human ingenuity, revealing just how adaptable today’s adversaries have become.
A new wave of attacks
Traditional defenses can’t keep up. Kasada’s analysts tracked a surge of automation driven by AI, proxy networks, and human ingenuity, revealing just how adaptable today’s adversaries have become.
Account Takeover Goes Underground
Kasada found marketplaces selling accounts tied to gun retailers and background-check services. With sales up 16% in Q3, ATO is shifting from mass theft to targeted, high-value attacks.
“Legal” Botnets Blur the Line
Proxy networks like DSLRoot pay users to share bandwidth, turning homes into attack infrastructure and hiding malicious traffic behind real IPs.
AI Joins the Adversary Arsenal
Attackers now use AI to analyze data and automate phishing and credential theft. It’s rewriting the rules, forcing defenders to rethink how they detect and respond.
Account Takeover Goes Underground
Kasada found marketplaces selling accounts tied to gun retailers and background-check services. With sales up 16% in Q3, ATO is shifting from mass theft to targeted, high-value attacks.
Online Reselling: Not “If,” but “When”
As more businesses adopt scarcity tactics for sales and product drops, they inevitably attract aggressive resellers. The consequences of online reselling are strategic, hurting businesses long after the initial transaction.
AI Joins the Adversary Arsenal
Attackers now use AI to analyze data and automate phishing and credential theft. It’s rewriting the rules, forcing defenders to rethink how they detect and respond.
From our analysts –
Insights from the front lines
“In Q3, adversaries continued to show a clear preference for proven methods. The infostealer ecosystem remains resilient, with infrastructure disruptions proving only temporary setbacks for well-established operations. The continued proliferation of infostealers highlights that credentials remain a highly profitable and accessible target for cybercriminals.”
Kasada IQ Analyst
“Proxy and hosting providers now enable threat actors through deceptive business tactics that keep them online after takedowns. Their resilience underscores why defenders need to go beyond defensive monitoring and engage in proactive, bespoke defenses.”
Kasada IQ Analyst
About the Data
KasadaIQ provides an inside view into the adversary ecosystem — analyzing millions of automated interactions each quarter across 2,000+ collection points and 23M+ messages from open and closed sources. This intelligence informs our defenses and helps enterprises stay ahead of evolving threats.
More reports from Kasada
Stay ahead of bots
Get access to our monthly intel brief with fresh data, attack trends, and analysis.
