Malicious Online Bots: More Than Just a Nuisance

Among the many cybersecurity concerns and threats that companies deal with daily, bots perhaps don’t really rank as high-priority risks. Perceptions about bots often see them regarded as nuisances that skew web analytics results rather than causing security risks.

But there are both harmless and harmful bots, and the malicious ones represent a surprisingly high percentage of online traffic. This article describes some of the security threats bots pose and recommendations to shore up your defenses against their impacts.

How Prevalent Are Online Bots?

The most recent in-depth report into bot activity found that bots account for 47 percent of all internet traffic. These bots are essentially automated programs or scripts that run different tasks and execute commands.

A lot of bot activity is benign. When a search engine like Google indexes and ranks your website’s content, a bot automatically crawls the site at regular intervals to find new pages. Most other harmless bots that visit a site fall into this category – search engine “spiders” that crawl and rank pages.

However, a substantial chunk of internet traffic comes from malicious online bots. Estimates put the figure at around 38% of bot activity being malevolent. If your company hypothetically receives 5,000 website visitors per day, approximately 900 of them will be malicious bots. Which leads to the next question—what are these bots actually doing?

Risks of Malicious Online Bots

Malicious online bots differ in sophistication. Simple bots tend to connect from a single IP address while more advanced bots use various techniques to evade detection. Evasive techniques in more advanced bots include emulating human online behavior via mouse movements and using anonymous proxies.

Web Scraping

Web scraping is a type of malicious bot activity that doesn’t directly lead to serious security incidents like data loss, but it does cause potential financial losses. Web scrapers are bots that harvest data from a website, often for malicious uses. Two common impacts of web scraping are:

• Stolen content: Many companies depend heavily on their websites to inform customers, answer pain points and persuade people to purchase goods/services. This content, in the form of blog posts, sales pages and FAQs, takes time and resources to create. Some scrapers target high-quality sites and repost their content elsewhere without the site owner’s permission.
• Price undercutting: In certain competitive online verticals, like insurance or e-commerce, web scrapers can trawl through a site’s database to automatically find prices or quotes and undercut those prices.

Account Takeover

With billions of stolen credentials circulating on the dark web, threat actors have many username-password pairs to work within their attempts to break into user accounts. Automated bots speed up account takeover attacks, allowing them to use credentials en masse until one pair works and enables them to log in to a victim’s account.

Bots are also commonly deployed in brute force account takeover attacks, where hackers try to exploit the use of weak passwords to hijack an account. Lists of millions of the most common passwords get used until one works.

Denial of Service

Website or web app downtime is something that many companies understandably want to avoid. If your reputation depends on a customer-facing app being always available or if your revenue depends on an always-online site, you have a particular distaste for downtime.

Unfortunately, many hackers enjoy taking sites down just for the sake of it. Known as denial of service, these attacks use bots to disrupt the operation of a site or app by flooding its servers with traffic. The most severe form of this attack is distributed denial of service (DDoS), which uses a veritable army of bots distributed in various locations to overwhelm a target.

Recent tweaks in ransomware tactics see some threat groups combining ransomware with a DDoS attack. The idea is that sectors or companies that are particularly intolerant of downtime (i.e., healthcare and manufacturing) ’ll be more likely to cave into ransom demands if their business-critical operations/systems are interrupted.

API Attacks

APIs drive much of the interconnectivity found in modern online ecosystems. Different apps use APIs to communicate and open up extra functionality for users. But API security still lags behind the pace of this increased connectivity.

Fully aware of this, hackers often use bots to exploit logic flaws in APIs. And since these APIs are easily accessible via the internet, they are ripe targets for attack. A successful attack may enable hackers to masquerade as legitimate users, perform fraudulent transactions, or steal sensitive data.

Preventing and Mitigating Malicious Online Bot Attacks

• Use CAPTCHA Challenges—these challenges weed out a lot of the more brutish bots by presenting them with challenges computers can’t solve. While there are ways around CAPTCHAs (like using click farms to pay a pittance to humans who solve challenges for threat actors’ networks of bad bots), it’s still a typically low-cost solution worth considering. Make sure your CAPTCHA solution is selective enough not to require users to solve them all the time. Otherwise, you risk driving away legitimate website traffic. One good tip is to mandate CAPTCHAs on all outdated browsers; the rationale here is that real users tend to have the latest updates forced on them, so older browsers are more likely to be bots.
• Track Failed Logins—monitoring for failed logins is an easy way to identify malicious bot activity. While a real user might enter the wrong password once or twice, multiple failed login attempts from the same IP is a high-fidelity sign of malicious bots trying to take over accounts.
• Use API Gateways—take steps to prevent bots from attacking your APIs by using an API gateway. This kind of reverse proxy routes API requests and ensures that only desired and approved traffic/apps access your API endpoints.
• Implement Multi-Factor Authentication—strengthening the security of verifying user identities is an effective way to mitigate bot attacks focusing on account takeover. Even if a bad bot manages to guess an easy password or use a legitimate stolen one, requiring extra information, such as a biometric or one-time code, easily stops the bot in its tracks and prevents account takeover.

Get Optimized Gateway Management

Nuspire’s optimized gateway management further shores up your defensive measures against malicious bot attacks. Our team of security experts boosts your network and perimeter security while minimizing business interruptions. The service includes firewall optimization, firewall policy reviews and 24x7x365 SOC support.