How to defend against the new and improved bot

It’s almost 9am. I’m primed and ready. Ready to be first in line to buy my tickets for the AC/DC concert I’ve been waiting to come on sale for ever. I’ve always been a fan of AC/DC. The band might not be considered very IT, but everyone has their guilty pleasures. I’m going big this time, I’m getting the best tickets money can buy. Why not? I don’t exactly do this every day. 9am rolls around and I refresh the website, up comes the form, details go in and…and… ‘sold out’. How could they have gone so soon? Surely the whole world wasn’t faster than me?

It’s strange, since this is the second time this has happened to me in the last week. I attempted to get the latest trainers for my daughter and went through a similar ‘primed and ready’ routine but alas, the same result. They were sold out before I could even imagine someone even had the time to put in their credit card details. Sound familiar? Well, more than likely, you lost to a bot, not a person. Bots are everywhere, good ones and bad ones and the bad ones can inflict a lot more damage than a disappointed daughter.

Bots have been around for quite some time now. In the late 1990s, the first generation of bots showed up in scripts with names that, to be fair, weren’t that scary: GDbot, Sdbot etc. They targeted IP addresses with simple requests and would be very easy to defend against today. As time has moved on, we’ve seen a second, third and now a fourth generation of bot that have all evolved with the times. Scripts moved to storing cookies, to mouse movement detection, to honey traps and enhanced look-ups. However, now we are entering a new threat era with ‘man-in-the-browser bots’ that are a lot more serious. The names have become more sinister too, Methbot for example!

Fourth-generation bots are much more sophisticated. They use more advanced human-like interaction characteristics which helps them beat the regular detection available today and they can be distributed across tens of thousands of IP addresses. They are able to use machine learning to facilitate correlation and contextual analysis and can create ‘bot-farms’ to generate millions of dollars in areas such as counterfeit inventory by targeting the premium video advertising ecosystem.

When bots come together, a botnet is created. A botnet is a logical collection of internet-connected devices such as computers, smartphones or internet of things devices whose security has been breached and control ceded to a third party. Each such compromised device is created when a device is penetrated by software usually from a malware distribution channels such as email. The botmaster uses command and control servers to direct the activities of these compromised computers through communication channels using a range of protocols. 

Well documented cases are showing phenomenally high numbers of accounts targeted, from LinkedIn and eBay to Uber and Marriott, which had 500 million accounts affected. The attacks are incredibly serious and have gigantic implications.

Bots can be used for a multitude of things, good and bad. Web scraping for example is an important function of the internet. Price comparison and search engines rely on this form of communication and you as a customer want your wares to be advertised. However, this can be misused too. A web scraper or crawler can suck up significant amounts of bandwidth resulting in unusually high charges for your business, simply because someone just wants to copy your data and repurpose it for their own benefit.

Bots are big business. People sell account takeover, carding, beating captcha boxes, web scraping, scalping and cart abandonment as a service. You need protection against this new generation of advanced Bots. 

There is no question that protection is required and up to the minute protection is essential. A web application firewall (WAF) is the most sensible form of defence, whether in hardware, software or as a service. However, research shows that only 12 per cent of web apps (including websites) are protected, which makes it a feeding ground for the bad guys. Make sure your WAF provider is staying in line with the current threats and offers advanced bot protection. 

Chris Hill is research vice president of public cloud and strategic alliances at Barracuda

This article was originally published in the Spring 2020 issue of The Record. Subscribe for FREE here to get the next issues delivered directly to your inbox.