CTOs now have a new problem: Bot attacks

Some bots are legitimate — for example, Googlebot is an app used by Google to crawl the internet and index it for search.

Dan Woods, global head of intelligence at F5

One of the biggest challenges faced by businesses today in the digital landscape is bot attacks. Bots inflict material financial costs on firms by taking over customer accounts through credential stuffing and by slowing web and app performance through scraping. According to a report by Aite-Novarica, bots are responsible for up to 40% of global online traffic and are a leading cause of cyberattacks.

For the uninitiated, an internet bot is a software app that runs automated tasks over the internet. Some bots are legitimate — for example, Googlebot is an app used by Google to crawl the internet and index it for search. Other bots are malicious — for example, bots that scan websites for software vulnerabilities and execute simple attack patterns.

“There are a lot more bot attacks than an enterprise realises, as 99.9% of the traffic reaching the application is from malicious bots,” Dan Woods, global head of intelligence at F5, told FE in a recent interview.

The modus operandi

Bots frustrate loyal customers and prevent purchases through scalping and inventory hoarding, steal gift card and loyalty points through enumeration, and rack up chargebacks and fines by validating stolen credit card data. This leads to revenue loss through lower conversion rates and abandoned shopping carts. Credential stuffing is the worst of these: bad actors use a bot to try billions of password pairs to log in to applications, exploiting consumers' habit of reusing usernames and passwords. These attacks end up taking over 0.1% to 3% of the accounts, he added.

“An incredible amount of automation is happening during the creation of user accounts for applications. This is where the bad actors use the automation process to create billions of accounts,” he said. “The intention behind creating multiple accounts varies from exploiting a loyalty programme to tampering with the e-commerce websites to sell products at a higher price or stalling the process, resulting in revenue loss.”

Visibility is critical

These instances make it crucial for the C-Suite to assess the top-line and bottom-line impacts of malicious bot attacks and the significant financial advantages of effective bot defense technologies. “The first step in fighting a bot attack is to gain visibility. It is then important to assess which is a good automation to list and which is the bad one that should be mitigated. To attain visibility, the solution provider needs to run JavaScript within web and mobile browsers and install an SDK alongside the mobile native app to collect all sorts of signals about the device, user behaviour and the environment,” said Woods.

A retrospective second stage is required for real-time analysis of the traffic as well as to offer real-time defence to deal with newly discovered malicious traffic.

The F5 Cloud Bot Defense technology provides all of the required ingredients from security model to humans to retrospective second stage for real-time protection to combat the risks.

At the management level, C-suite executives have to be more mindful when dealing with bot attacks. “The most common mistake that the leaders make is when they suspect the bot, they drop the session, which gives an alert to the attacker, who then re-tools his/her strategy,” revealed Woods.


A bot is a software app that runs automated tasks over the internet

Responsible for 40% of global online traffic

Many types of bots are active on the internet, both legitimate and malicious

Visibility of attack surface is crucial to thwart bot attacks


First published on: 28-03-2023 at 02:50 IST