Elly Yates-Roberts |
Not all bots are bad – there are good bots, like those used by search engines and price comparison services. But bad bots are increasingly an issue, whether they’re buying games consoles and concert tickets or automating attacks on corporate networks and application programming interfaces (APIs).
Bots used to be an expensive investment for criminals, but now you can hire bots – and the infrastructure they need – as a complete service. Criminals are using them in all sorts of ways and classic bot attacks are still going after any sort of limited commodity.
However, the modern bot is far more complex and sophisticated than a simple scraper or automated online purchase tool. They are being used to probe corporate infrastructures all day and all night. They seek out credential weaknesses to take over user accounts. And they increasingly target APIs, either to take over accounts or as a way to bypass traditional security set-ups.
Today’s bot providers have evolved too – they are highly professional and well organised. They even keep standard office hours, and don’t just operate in the middle of the night.
Modern bots are often linked to apparently legitimate online identities, credentials and email accounts to bypass basic protections and the latest version of reCAPTCHA. They are linked to compromised residential internet accounts and their traffic comes from thousands of different and apparently legitimate IP addresses, making defence far tougher.
All this means that bots do a remarkably good job of hiding in standard browser traffic. This makes defending against them difficult, especially if you don’t want to irritate customers or users with onerous identity procedures or risk blocking legitimate traffic. Defending your infrastructure against bot attack therefore needs to be considered as a crucial part of your holistic defences.
Barracuda’s Web Application Firewall includes Advanced Bot Protection, which combines built-in bot identifiers along with cloud-based AI and machine learning systems to spot bot attacks. It uses data from a massive honeypot network to spot known bots and also allows you to allow approved bots by internet protocol (IP) address or uniform resource locator (URL). It provides a clear dashboard to keep track of bot activity, where it is coming from and which applications are being targeted.
It is fully configurable to provide the best defence without blocking legitimate customers or traffic. It even allows you to take proactive action against bots. Blocking a bot allows it to attack you again via another IP address or identity. Instead, you can opt to send bots to a ‘tarpit’ where their actions are slowed right down and their resources are wasted with zero impact on your systems.
Chris Hill is regional vice president of public cloud for Barracuda Networks
This article was originally published in the Summer 2021 issue of The Record. To get future issues delivered directly to your inbox, sign up for a free subscription.