April 20, 2018
April 18, 2018
Posted July 7, 2017
This is the third in a three-part series about bots.
In parts one and two of this three-part series, we looked at a recent surge in malicious bot offensives that have painted a broad and very dire picture of the threat posed by these small, online applications.
As you read this, hackers are deploying bots in an attempt to relaunch the WannaCry ransomware that incapacitated hospitals, transportation systems and businesses in 150 countries, putting many lives in danger.
As many as 500 million computers are estimated to be infected with malware, such as Fireball, that can turn them into massive botnets for launching attacks or freezing affected systems for ransom.
Then there’s the Internet of Things — home cameras, implanted pacemakers, electrical grids, nuclear arsenals and more. While this segment was the target of last fall’s epic Mirai denial of service (DDoS) attack and still remains shockingly vulnerable, it is set to grow to more than 20.7 billion connected devices by 2020.
Meanwhile, 94 percent of the Cloud-based apps used within your company lack sufficient security against bots, according to Mary Meeker’s 2017 Internet Trends Report. And, unfortunately, more than one-third of visitors to your website are malicious bots.
Bots and bot attacks are no longer only the realm of sophisticated hackers. Increasingly, “Bots-as-a-Service” (BaaS) schemes enable anyone with a laptop to take over credit card accounts and, let’s say, buy $15,000 in American Girl dolls. Seriously!
Here’s an action plan for obliterating the threat and blocking future bot attacks.
Perish the Bot
These days, cybercriminals are skipping old-school brute force attacks in favor of a “low and slow” approach to make bots appear like legitimate site traffic, making it hard for Web Application Firewalls (WAFs) to detect them.
What’s more, WAFs are designed to prevent attacks on Web services, not against customers. With bots using stolen identity credentials harvested through an endless number of corporate data breaches, they can easily slip by without notice.
That’s why, at ThreatMetrix, we prefer a layered, digital identity-based approach. Our solution combines global, crowdsourced intelligence on users, devices, locations, and malware gleaned from millions of daily transactions to detect bot activity and other indicators of fraud.
No matter the digital identity solution you deploy, five key capabilities should be in place if you want to be successful in the fight against bots.
Five Core Capabilities
A global retailer that deployed the ThreatMetrix solution reports that is now able to block more than 90 percent of all bot traffic, and has cut overall bot-based access attempts by 50 percent without negatively impacting the user experience.
And a leading online bank was able to rapidly shut down previously undetected automated bot attacks made through its mobile channel, saving the company millions almost instantly.
Three Key Considerations
While the requirements for invulnerable defenses are substantive, winning the bot wars doesn’t have to be daunting. Look for a solution that offers:
One Easy Way to Get Started
Download our exclusive white paper on How to Defend Against Bot Attacks, and contact us using the ‘Schedule a Demo’ button on this page.
We’d be happy to help you achieve victory in the Bot Wars now—before the next big attack begins.