Radware Tips Against Malicious Bots
Although more and more cyber attacks are being carried out with the help of bots, many companies are still hesitant to use bot management solutions to detect and ward off such attacks. Meanwhile, bot attacks go far beyond small scraping attempts or spamming. Bots are used today to take over user accounts, carry out DDoS attacks, abuse APIs, steal confidential content and pricing information, and much more.
The attempt to contain malicious bots with in-house resources or solutions is usually not effective. In a study entitled “Development of In-house Bot Management Solutions and their Pitfalls”, security researchers from Radware’s Innovation Center found that managing bots through internal resources actually does more harm than good.
Compared to 22.39% of actual bot traffic, even advanced internal bot management solutions identified only 11.54% of bot traffic as malicious. Half of these detections were false positives, so only about one in four malicious bots was detected as such, while the same number of labor-intensive false alarms was generated.
Internal bot management solutions fail for a variety of reasons. For example, cyber attackers today use advanced technologies to deploy thousands of IPs, bypassing geographical traffic filtering. If bots originate from different geographical locations, solutions that rely on IP-based or geographical filter heuristics become useless. Detection requires an understanding of the visitor's intentions in order to identify the suspicious bots.
A third of bad bots can imitate human behavior
Managing bots is complex and requires specialized technology and experts who are well versed in the behavior of good and bad bots. Bad bots can mimic human behavior (such as mouse movements and keystrokes) to bypass existing security systems.
Sophisticated bots are spread across thousands of IP addresses or device IDs and can connect via random IP addresses to bypass detection. These sophisticated bots are also programmed to know all the common countermeasures used to stop them. They also use different combinations of user agents to bypass internal security measures.
“Internal solutions don’t have insight into the different types of bots, and that’s where the problem lies,” explains Michael Gießelbach, Regional Director DACH at Radware. “These solutions work on the basis of data collected from internal resources and do not have global threat data. Bot management is a niche area and requires a lot of expertise and continuous research to keep up with notorious cybercriminals.”
Rakesh Thata, Chief Technologist for Radware’s Innovation Centre, gives four basic recommendations for fending off malicious bots:
Challenge-response authentication helps to filter simple first-generation bots. There are different types of challenge-response authentications, with CAPTCHAs being the most commonly used. However, challenge-response authentication only helps with filtering outdated user agents/browsers and simple automated scripts. It cannot stop sophisticated bots that can imitate human behavior.
Strict authentication mechanisms for APIs
With the widespread adoption of APIs, bot attacks on poorly protected APIs are increasing. APIs usually only check the authentication status, but not the authenticity of the user. Attackers exploit these vulnerabilities in various ways (including session hijacking and account aggregation) to mimic real API calls. Implementing strong authentication mechanisms for APIs can help prevent security breaches.
Monitoring failed login attempts and sudden spikes in traffic
Cyber attackers use malicious bots to perform credential stuffing and credential cracking attacks on login pages. Since different login data or different combinations of user IDs and passwords are tried with such approaches, the number of failed login attempts increases. In addition, the presence of malicious bots on a website also increases traffic. Monitoring failed login attempts and a sudden increase in traffic can help to take preventive measures.
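The monitoring described above, as an added example that is not part of the original article or of any Radware product: it buckets login events per minute, flags a window whose failed logins spike above the median of earlier windows, and marks the spike as distributed when the failures are spread so thinly across IPs that a per-IP limit would not trigger. The event tuple layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

def window_stats(events, window_s=60):
    """Bucket (timestamp, ip, user, ok) login events into fixed time windows."""
    buckets = defaultdict(lambda: {"failed": 0, "ips": set(), "users": set()})
    for ts, ip, user, ok in events:
        b = buckets[int(ts.timestamp()) // window_s]
        if not ok:
            b["failed"] += 1
            b["ips"].add(ip)
            b["users"].add(user)
    return [dict(buckets[k], window=k) for k in sorted(buckets)]

def flag_windows(stats, spike_factor=3.0, min_failed=10, per_ip_limit=5):
    """Flag windows whose failed logins spike above the median of earlier windows."""
    alerts = []
    for i, w in enumerate(stats):
        baseline = median(s["failed"] for s in stats[:i]) if i else 0
        if w["failed"] < min_failed or w["failed"] <= spike_factor * max(baseline, 1):
            continue
        alerts.append({
            "window": w["window"],
            "failed": w["failed"],
            "distinct_users": len(w["users"]),
            "distinct_ips": len(w["ips"]),
            # Failures spread thinly over many IPs: a per-IP lockout alone would not fire.
            "distributed": w["failed"] / len(w["ips"]) < per_ip_limit,
        })
    return alerts

def constructed_events():
    """Constructed sample data: three normal minutes, then one attack minute."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    events = []
    for minute in range(3):  # 20 logins per minute, 2 of them failed
        for n in range(20):
            ts = t0 + timedelta(minutes=minute, seconds=n)
            events.append((ts, f"198.51.100.{n}", f"user{n}", n >= 2))
    for n in range(40):  # 40 failures, each from a different IP and username
        ts = t0 + timedelta(minutes=3, seconds=n)
        events.append((ts, f"203.0.113.{n}", f"victim{n}", False))
    return events

if __name__ == "__main__":
    for alert in flag_windows(window_stats(constructed_events())):
        print(alert)
```

In the constructed data no single IP fails more than once, so only the site-wide failure count reveals the attack minute.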
Dedicated Bot Management Solutions
Although internal measures provide basic protection, they do not guarantee the security of user accounts, business-critical content and other sensitive data. Sophisticated third- and fourth-generation bots, which now account for 37% of bad bot traffic, can perform small and slow attacks or launch large-scale distributed attacks that can have a massive impact on availability. A dedicated bot management solution facilitates the detection and containment of such sophisticated, automated activities in real time.