An underground economy is helping to create bots that automate cyberattacks against websites, making it tough for businesses to keep warding off these fast-evolving threats.
At a time when many are seeking to digitize their operations, cyber criminals are being armed with sophisticated tools that make it easier than before to gain unauthorized access to user accounts.
The playbook is not new. What these malicious actors are essentially doing is acquiring “dumps” of user credentials online and using them to access accounts on popular sites that sell sneakers, streaming services or other items.
The big difference is the automation that is enabled by increasingly sophisticated bots in such credential stuffing attacks. These bots are sold to cybercriminals in the shadier corners of the Internet, enabling them to launch an attack without much know-how.
The bots not only go through a long list of thousands of credentials – they are often targeted at certain sites, customized to the requirements of a group of cybercriminals to overcome basic cyber defenses.
These bots are commonly rented out by their creators, with some even coming with “product support” and “service level agreements” to help cybercriminals overcome difficulties in successfully getting in.
Tools such as Snipr, for example, help to verify if a list of credentials is still valid so cybercriminals get a head start in their attempt to gain access.
With a bot tool such as CyberAIO, they can try to overcome a Captcha challenge, commonly used by websites to keep out bots.
Some of today’s more sophisticated bots can plug into a commonly used Captcha application programming interface (API) and connect to a human Captcha puzzle solver for hire to solve the puzzle and gain access in an automatic fashion.
Keeping out the bad bots
For businesses that have their operations digitized, the difficulty in tracking and keeping out such bots adds a new dimension to their cybersecurity challenges.
They cannot simply block off bots or make it too difficult for legitimate users to log in. Otherwise, those users will leave for a competitor that is just a click away.
To combat this scourge, they have to rely on continuous vigilance and see it as a multi-layered business problem as well as a unique technology challenge.
First, they have to understand what is happening on their website. For starters, what kinds of legitimate users and bots have to be allowed to run? What might be considered unusual?
Are the malicious bots opportunistic bots or targeted bots? One could be merely scraping content while another could be actively trying to overcome basic defenses such as Captcha. Understanding this is an important first step in mitigating the threat.
Second, businesses have to respond to the changing threat by reducing their risk surface. They cannot simply block traffic outright, but they can try to analyze how these bots are trying to interact with their website.
This can only be done through client-side data collection, by collating a massive volume of bot traffic globally to understand what good, legitimate traffic looks like.
Here, businesses will have an important role to play in identifying what “good” looks like. This could rely on a combination of many different factors.
For example, a bot or user can be analyzed based on the way a request comes in, or how that particular request is interacting with the website.
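One way to turn "what might be considered unusual" into a check, as an added example that is not from the original article or from Akamai's product: it flags login sources that try many different accounts and mostly fail, which is the pattern a bot working through a credential list leaves behind. The log format, thresholds and function names are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed events in an assumed format: '<time> <client_ip> <username> <OK|FAIL>'."""
    lines = []
    # Source working through a credential list: 10 accounts, one try each, 1 hit
    for i in range(10):
        result = "OK" if i == 5 else "FAIL"
        lines.append(f"10:00:{i:02d} 203.0.113.7 user{i}@example.com {result}")
    # Forgetful legitimate user: one account, 4 failures, then success
    for i in range(5):
        result = "OK" if i == 4 else "FAIL"
        lines.append(f"10:01:{i:02d} 198.51.100.20 bob@example.com {result}")
    # Shared office address: 6 accounts, all succeed
    for i in range(6):
        lines.append(f"10:02:{i:02d} 192.0.2.44 staff{i}@example.com OK")
    lines.append("truncated line")  # malformed input must not break the check
    return "\n".join(lines)

def parse(log):
    """Yield (client_ip, username, succeeded) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield parts[1], parts[2].lower(), parts[3] == "OK"

def suspicious_sources(log, min_users=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_accounts, failures, attempts)} for flagged sources.

    Both thresholds are illustrative assumptions, not recommended values.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for ip, user, ok in parse(log):
        users[ip].add(user)
        attempts[ip] += 1
        failures[ip] += 0 if ok else 1
    flagged = {}
    for ip, seen in users.items():
        many_accounts = len(seen) >= min_users
        mostly_failing = failures[ip] / attempts[ip] >= min_fail_ratio
        if many_accounts and mostly_failing:
            flagged[ip] = (len(seen), failures[ip], attempts[ip])
    return flagged

if __name__ == "__main__":
    print(suspicious_sources(build_sample()))
```

Requiring both conditions keeps the forgetful user and the shared office address out of the result. Counting per source address misses bots that spread their attempts across many addresses, which is why the article points to signals collected from the client as well.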
Remember that not every bot is going to look the same because cybercriminals will change their techniques to test what works. As they introduce new bots and methods, detection needs to keep pace with that. Clearly, businesses cannot go it alone.
This is where Akamai’s bot management solutions, such as Bot Manager, come in. They offer behavioral-based detections with advanced machine learning algorithms powered by unmatched volumes of data on the company’s intelligent edge platform.
Interacting with 1.3 billion unique devices on a typical day, Akamai can identify anomalies in hundreds of signals collected from clients to detect the most sophisticated bots.
On average, Akamai detects more than 480 million bot requests per hour and 280 million bot logins per day, taking action at the edge to protect digital businesses from a continuously evolving bot landscape.
This gives defenders a much-needed edge over the attackers. Instead of having security controls in their own data centers, businesses can tap into Akamai’s cloud-based servers to keep threats at arm’s length.
In other words, they will be fighting a battle not at their own front door but on the attacker’s front lawn. That lets the good guys keep focused on what they do best – their business.