New EMA Research Examines the Detection and Prevention of Automated Bot Attacks

Enterprise Management Associates released a new research report titled “The Imitation Game: Detecting and Thwarting Automated Bot Attacks” based on criteria defined by Paula Musich, research director of security and risk management at EMA.

Over 20% of all website requests are made by bad bots conducting a range of nefarious activities, including the more ubiquitous application distributed denial of service (DDoS) attacks, as well as price scraping, web fraud, account hijacking, and more. In late 2019, EMA surveyed 209 respondents representing organizations primarily serving North America to learn how defenders are responding to this increasingly virulent attack vector. The research sought respondents primarily in IT and IT security roles representing organizations with at least 500 employees.

52% of respondents indicated that their organization’s public-facing applications had experienced DDoS attacks in the last year, followed by 38% of respondents reporting fake account creation and vulnerability scanning/reconnaissance attacks over that same time period. Depending on the type and size of the organization, the frequency of these attacks ranged anywhere from less than one per day to over 500 times per day.

Attackers continue to up their game by increasing the level of sophistication in their campaigns. The use of simple Python or Perl scripts to mimic the behavior of valid website visitors has given way to the use of JavaScript and cookies to appear legitimate. More sophisticated bots even have their own moniker: advanced persistent bots (APBs). These APBs, which make up the lion’s share of all bad bots, can mimic human behavior, seek to bypass CAPTCHAs, hide behind anonymous peer-to-peer proxies, and dynamically rotate IP addresses. Increasingly, attackers try to determine how their bots are initially detected and then reconfigure and relaunch the attack in an effort to evade those detections.

Defenders are responding by turning to a range of different bot detection and mitigation providers, including dedicated bot mitigation vendors, web application firewall providers, content delivery networking services, and others. Such providers are raising the stakes by adding a wider range of telemetry to their solutions and adding new detections that employ machine learning techniques, behavioral analysis, and more on top of existing signatures, challenges, and IP reputation detections.

“Automated bot attacks can cost victim organizations from thousands to millions of dollars annually in lost business, product theft, increased infrastructure costs, and more,” says Musich. “In the cat and mouse game between attackers and defenders, though, defenders appear to be gaining the upper hand through the use of more sophisticated detection and prevention tools.”

As organizations build out and manage their defenses against automated bot attacks, they are seeing success in detecting and mitigating the most frequently used attack techniques. This is especially true for application-level DDoS attacks, which the largest percentage of respondents indicated were detected and mitigated in less than one day.

Ultimately, bot defense solutions are enabling users of the technology to limit the amount of damage automated bot attack campaigns are exacting. Respondents in the survey indicated that their use of bot defense technology enabled savings in both fraud resolution and web infrastructure costs.
