Not all bots are born equal. Some bots, like search engine crawlers, are good; bad ones are automated to perform large-scale cyber attacks. And if not detected, these malicious bots can steal data, impact a site’s performance, and even lead to a data breach.
In the latest Barracuda Networks report, Top Threats and Trends – Insights into the growing number of automated attacks, the company describes emerging traffic patterns, real-world examples of bot behavior and detection, and finally the steps IT teams should take to protect their organization. The study shows that these malicious bots account for nearly 40% of all Internet traffic.
However, the report examines not only the volume of traffic produced, but also the source of these bot attacks and the time of day when attacks are most likely to occur. And this is an important aspect. For example, the researchers found that cybercriminals who “launch” these nasty bots prefer to hide within the normal flow of human traffic to avoid triggering the defenders’ alarms. Trivial, right? But this also means that the common stereotype of a hacker attacking late at night in a dark room in front of green characters on a black screen should be abandoned. Attackers set up their bots to perform automatic attacks during office hours and are likely asleep at night.
Emanuele De Lucia, lead researcher at Cluster25, confirms this: “Bots designed to perform malicious operations are a big problem for any organization that has an online presence. Virtually all sites and applications on the net are attacked by this type of threat every day. According to our data (January-June 2021) on average 19% of the web traffic of an e-commerce portal is generated by malicious bots.”
And indeed, among the examples described in Barracuda’s analysis, researchers tell of a malicious bot that pretends to be a known vulnerability scanner (and therefore a good bot) but actually performs systematic reconnaissance to identify the vulnerabilities of the sites to be attacked. Another tries to brute-force access to a commercial page, and another tries to steal information from a business-to-business e-commerce store in the UK. Yet another is a bot trying to access the login portal of an Indian manufacturer, producing unusually high traffic by impersonating a mobile device while connecting to a hotspot.
Bots decide the prices on the web
But to understand how bots can affect users’ choices, a good example is price management on the web. We all know that commercial offers on the web are set based on a range of information collected about who is browsing and the devices they use, and that, based on this information, two different users will find different prices for the same product. But the price can also be determined by bots impersonating potential buyers. One of the bots identified by Barracuda did exactly this: it performed price scraping on an e-commerce store based in Eastern Europe. Price scraping is an illegal price tracking technique used to track prices and other valuable information in e-commerce and travel. The bot is therefore capable of extracting information from each competitor’s web catalog, including pricing and all the other changes that revolve around selling a product online, and it acts exactly the way a real user would, surfing the web in a natural way despite being the product of a mathematical algorithm, while enabling the development of an e-commerce dynamic pricing strategy. What does this mean? It means that, thanks to the data gathered with this price tracking technique, it is possible to analyze when competitors’ prices rise and fall, and by how much, and to change one’s own prices so as not to lose profit margin as competitors’ prices change.
The thugs who drive the bots
De Lucia adds: “E-commerce portals are actually those most affected by bots as they can arouse the interest of different types of operators. There are the “Resellers”, bot operators who aim to buy products with high demand and limited availability on online stores to then resell them and earn money; there are the “Competitors”, who use bots in order to carry out actions of unfair competition on the prices and contents of the competition; and then there are the “Criminals”, who use them to automate the practices of brute forcing the access credentials of administrators and customers of e-commerce portals in order to access any data relating to payment methods, to collect them and then resell them or to use them directly in fraud or theft.”
In fact, Barracuda researchers analyzed traffic patterns in the first six months of 2021 and found that:
- Bots generate nearly two-thirds of Internet traffic, with malicious bots accounting for nearly 40% of all traffic.
- E-commerce applications and login portals are the most common targets of advanced persistent bots.
- North America accounts for 67% of malicious bot traffic, and most of it comes from public data centers.
- Most of the bot traffic comes from the two large public clouds, AWS and Microsoft Azure, in more or less equal measure.
- Just over 22% of malicious bot traffic comes from Europe; European malicious bot traffic is most likely to come from residential IPs or hosting services.
“While some bots such as search engine crawlers are harmless, our research reveals that over 60% of bots are dedicated to carrying out malicious activities on a large scale,” said Barracuda’s Nitzan Miron. “[…] effectively block bot traffic.”
The suggestions for dealing with them are few and not too imaginative: secure applications, install a web application firewall, invest in bot protection with advanced solutions, and use machine learning to detect and block hidden bot attacks that seem (almost) human.
However, as defenses increase, these solutions become more and more sophisticated. “But you have to be careful to program them in the right way,” Stefano Fratepietro of Tesla Consulting tells us. “In the end, on paid clouds like those of AWS and Microsoft there are also home mini bots that manage situations of any kind, from the robot that checks Amazon every 15 minutes to notify you to buy an item as soon as it becomes available, up to those for IoT and home automation management. For example, if the weather forecast predicts bad weather, the robot, suitably programmed, automatically closes all the windows of the house for you.” Useful, right?