August 14, 2018
Bot Wars: How to Stop the Next Wave of Attacks
Posted July 7, 2017
This is the third in a three-part series about bots.
In parts one and two of this three-part series, we looked at a recent surge in malicious bot offensives that have painted a broad and very dire picture of the threat posed by these small, online applications.
As you read this, hackers are deploying bots in an attempt to relaunch the WannaCry ransomware that incapacitated hospitals, transportation systems and businesses in 150 countries, putting many lives in danger.
As many as 500 million computers are estimated to be infected with malware, such as Fireball, that can turn them into massive botnets for launching attacks or freezing affected systems for ransom.
Then there’s the Internet of Things — home cameras, implanted pacemakers, electrical grids, nuclear arsenals and more. While this segment was the target of last fall’s epic Mirai denial of service (DDoS) attack and still remains shockingly vulnerable, it is set to grow to more than 20.7 billion connected devices by 2020.
Meanwhile, 94 percent of the Cloud-based apps used within your company lack sufficient security against bots, according to Mary Meeker’s 2017 Internet Trends Report. And, unfortunately, more than one-third of visitors to your website are malicious bots.
Bots and bot attacks are no longer only the realm of sophisticated hackers. Increasingly, “Bots-as-a-Service” (BaaS) schemes enable anyone with a laptop to take over credit card accounts and, let’s say, buy $15,000 in American Girl dolls. Seriously!
Here’s an action plan for obliterating the threat and blocking future bot attacks.
Perish the Bot
These days, cybercriminals are skipping old-school brute force attacks in favor of a “low and slow” approach to make bots appear like legitimate site traffic, making it hard for Web Application Firewalls (WAFs) to detect them.
What’s more, WAFs are designed to prevent attacks on Web services, not against customers. With bots using stolen identity credentials harvested through an endless number of corporate data breaches, they can easily slip by without notice.
That’s why, at ThreatMetrix, we prefer a layered, digital identity-based approach. Our solution combines global, crowdsourced intelligence on users, devices, locations, and malware gleaned from millions of daily transactions to detect bot activity and other indicators of fraud.
No matter the digital identity solution you deploy, five key capabilities should be in place if you want to be successful in the fight against bots.
Five Core Capabilities
- Low-and-slow bot identification to accurately identify bot behavior, including granular intrusion from indeterminate traffic that easily bypasses WAF.
- Identity and behavior analytics that continuously monitor for contextual anomalies deviating from established patterns between users, their devices, networks, locations, accounts, and hundreds of other dynamic identity elements that go far beyond just login credentials.
- Global, shared intelligence that ties together all user actions everywhere around the world. The ThreatMetrix Digital Identity Network, for instance, processes millions of transactions daily to identify bot attacks across industries, geographies, and more.
- Botnet proxy detection to spot bots trying to mask location. Our TrueIP can pierce through proxies to find the IP address of the actual user behind the bot attacks, as well as all of their related fraudulent activities and accounts.
- Application integrity and malware detection to assess all devices connecting to your website, checking installed apps for threats or malware, including key loggers, Trojans, man-in-the-browser and man-in-the-middle attacks.
A global retailer that deployed the ThreatMetrix solution reports that is now able to block more than 90 percent of all bot traffic, and has cut overall bot-based access attempts by 50 percent without negatively impacting the user experience.
And a leading online bank was able to rapidly shut down previously undetected automated bot attacks made through its mobile channel, saving the company millions almost instantly.
Three Key Considerations
While the requirements for invulnerable defenses are substantive, winning the bot wars doesn’t have to be daunting. Look for a solution that offers:
- Rapid, lightweight deployment: ThreatMetrix offers a broad combination of defenses against bot-based account takeover in a solution that imposes little burden on your IT resources—and without the need to deploy new servers, user tokens, or additional infrastructure.
- Friction-free protection: Unlike strong authentication solutions that require token deployments and step-ups, look for a solution that easily secures logins without creating any user friction.
- Up-to-date, global intelligence: Internal and partner data sources are not enough. You need a global network of thousands of businesses to ensure constant access to real-time global threat intelligence. The ThreatMetrix Digital Identity Network is the largest in the world.
One Easy Way to Get Started
Download our exclusive white paper on How to Defend Against Bot Attacks, and contact us using the ‘Schedule a Demo’ button on this page.
We’d be happy to help you achieve victory in the Bot Wars now—before the next big attack begins.