Cyberlytic news

The Rise of the Bots: Web Application Security

Over half of all website traffic comes from bots rather than humans. Staggeringly, more than half of those bots are considered bad bots. Good bots collect information and perform simple tasks for businesses; bad bots are used by cyber-criminals acting maliciously. It is becoming harder to distinguish good bots from bad ones, as hackers are becoming more adept at concealing themselves by impersonating the good ones. They attack websites by behaving like a regular site user while searching for and stealing user credentials and valuable data.

The most common threats to websites by bad bots include:
  • Vulnerability scanning: Botnets are used to look at the properties of websites and search for security weaknesses.
  • Credentials: Bots try different login credentials until they find valid ones that can be used for fraud.
  • Payment details: Bots try previously stolen payment details in order to verify them, and purchase goods using someone’s debit/credit card.
  • DDoS: Botnets generate huge amounts of traffic to a website, rendering it unreachable.

Manual bot detection is reactive and inefficient. Having security teams go through logs and IP addresses manually, then add rules to their web application firewall based on the patterns found, is not an effective use of resources. Machine learning can now be used to automate botnet detection by analysing HTTP traffic in real time and searching for anomalies within it. Many bad bots use unsophisticated techniques and can be blocked easily with a firewall. However, if they scan a system for vulnerabilities and find one, they can use it to gain access to data. Therefore, implementing an advanced detection tool that quickly alerts security teams to the higher-risk threats is key to good defence.
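The log patterns a team would look for by hand, for the vulnerability-scanning and credential threats listed above, can be expressed as a short script. This is an added example, not Cyberlytic's code and not a machine-learning detector; the log lines are constructed, and the `/login` path, the 401 status for a failed login and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in common log format; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2018:13:55:01 +0000] "GET /admin.php HTTP/1.1" 404 153
198.51.100.7 - - [10/Oct/2018:13:55:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153
198.51.100.7 - - [10/Oct/2018:13:55:02 +0000] "GET /.env HTTP/1.1" 404 153
198.51.100.7 - - [10/Oct/2018:13:55:02 +0000] "GET /backup.zip HTTP/1.1" 404 153
198.51.100.7 - - [10/Oct/2018:13:55:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.9 - - [10/Oct/2018:13:56:10 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.9 - - [10/Oct/2018:13:56:11 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.9 - - [10/Oct/2018:13:56:12 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.9 - - [10/Oct/2018:13:56:13 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.9 - - [10/Oct/2018:13:56:14 +0000] "POST /login HTTP/1.1" 401 87
192.0.2.10 - - [10/Oct/2018:13:57:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [10/Oct/2018:13:57:01 +0000] "GET /favicon.ico HTTP/1.1" 404 153
192.0.2.10 - - [10/Oct/2018:13:57:20 +0000] "POST /login HTTP/1.1" 401 87
192.0.2.10 - - [10/Oct/2018:13:57:31 +0000] "POST /login HTTP/1.1" 200 301
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')

def flag_clients(log_text, scan_404=4, login_fail=4):
    """Return {ip: [labels]} for clients whose requests match a bot pattern.

    scan_404 and login_fail are assumed thresholds; tune them per site.
    """
    stats = defaultdict(lambda: {"missing": set(), "login_fail": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if status == "404":
            # Many *distinct* missing paths suggests probing, not a broken link.
            stats[ip]["missing"].add(path.split("?")[0])
        if method == "POST" and path.startswith("/login") and status == "401":
            stats[ip]["login_fail"] += 1  # assumed failed-login signature
    findings = {}
    for ip, s in stats.items():
        labels = []
        if len(s["missing"]) >= scan_404:
            labels.append("vulnerability-scan")
        if s["login_fail"] >= login_fail:
            labels.append("credential-guessing")
        if labels:
            findings[ip] = labels
    return findings

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

The ordinary user at 192.0.2.10, with one mistyped password and one missing favicon, stays below both thresholds and is not flagged.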

Identifying attack patterns through machine learning by looking at a business’s incoming and outgoing traffic greatly enhances web application security. There is no need to rely on rules or to trawl through large volumes of data, and even zero-day attacks can be detected.