How To Tell The Good Bots Vs. The Bad Ones

BEC

Though botnets may make life more convenient, a security firm says that roughly 40 percent of them are actually malicious, VentureBeat reported late last week.

According to Distil Networks, for every cool, new bot — designed to help make shopping, weather, travel and even real estate easier — there are bad bots being created that post a serious security threat to consumers.

“Bots are the centerpiece of a hacker’s toolkit,” Rami Essaid, CEO and cofounder of Distil Networks, a security firm specializing in bot detection and mitigation, explained.

In Distil Networks’ “2016 Bad Bots Landscape Report,” it noted that hackers utilize bots to intercept Web traffic and automate attacks, as well as exploit website vulnerabilities.

In the past, bad bots were primarily used to apprehend information from competing businesses, such as intellectual property, financial data and inventory and pricing information.

“Now, we’re seeing a lot more interest from companies seeking to protect business-to-consumer activities,” Essaid said. “Bad guys are buying lists of usernames and passwords and then brute-forcing their way into banking, eCommerce and health care, as well as the Postal Service and the IRS.”

Though it’s still too soon to know exactly how detrimental bad bots will be for consumer-facing services, the report confirms that there is still a looming threat.

“Bad bots are more prevalent on hardwired networks than on mobile, but their numbers are growing,” Essaid stated. “The more accessibility to install and download bots there is, the more wary you need to be.”

Earlier this year, the Global Fraud Attack Index, a PYMNTS and Forter collaboration, found that online fraud attacks have jumped by 11 percent since the move to EMV in October.

Digital goods retailers have suffered the worst of all, as those merchants (think games, songs, movies) have seen a more than 300 percent increase in fraud attacks since the liability shift.

The culprit? Botnets. Eighty-three percent of domestic attacks have utilized botnets, while less than 50 percent of European attacks and less than 40 percent of attacks around the rest of the world deployed them.

According to the study, a potentially misleading aspect of botnet attacks, at least in 2015, is that while botnets were the most common method of online fraud during the year, they also primarily targeted low-dollar-value transactions.

Given, therefore, that botnets do not currently present a particularly high degree of risk on a per-transaction monetary basis compared to forms of attack that go after big-ticket transactions, some in the industry may be tempted to regard botnets with a lesser degree of concern than they do other, more established (and more familiar) types of attacks, such as account takeover and identity theft.

However, just because botnets primarily stick to the low-hanging (i.e., low-cost) fruit in eCommerce transactions, that’s certainly no reason to sleep on them.