Radware Report: Malicious Bots More Human-Like
A report published by Radware finds well over half (58%) of the malicious bots tracked in February by the provider of IT security platforms can now mimic human behavior.
Ben Zilberman, head of product marketing for application security at Radware, said as botnets are being employed to launch more cyberattacks, it’s becoming increasingly difficult for IT security platforms to tell the difference between legitimate users and application activity emanating from a botnet.
Not only are the malicious bots increasing in size and number, he said, but they also are becoming more sophisticated in their ability to mimic human behavior. Over a quarter of the malicious bots tracked by Radware are fourth-generation capable of going well beyond performing basic tasks such as logging into a site, said Zilberman.
The issue is especially problematic for digital media sites, where the Radware research finds more than a quarter of all traffic (28%) is now being generated by malicious bots. Adding insult to injury, much of that activity involves scraping content to repost articles on websites that are riddled with malware.
Those sites are then used to drive everything from phishing attacks based on what appears to be legitimate content to scams involving cures for the COVID-19 virus, for example, noted Zilberman. Just less than a third of traffic on e-commerce sites (31%) tracked by Radware in February was generated by malicious bots apparently looking for offers pertaining to sanitizers and face masks to combat the COVID-19 pandemic.
Many of the fake sites that are then created using that content are also driving additional revenue by engaging in click fraud that defrauds advertising networks, he said.
As malicious bots become increasingly able to mimic humans, more organizations will need to invest in heuristics and other forms of artificial intelligence (AI) to identify activity on their sites not being generated by a human. Simply trying to track keystrokes is no longer a reliable means of identifying malicious bot activity, Zilberman said.
Most of those bots are built by either nation-states or “cybercriminal kingpins” who have the financial resources required to continue making investments to advance their capabilities, he said, so IT organizations should assume bot traffic as a percentage of the whole will continue to increase. In a depressed economic climate, it will also be easier for those entities to recruit idle developer talent.
The challenge is that not all bots are evil. There are legitimate use cases of bots that involving, for example, sharing of content between organizations that have a common base of online customers. Nearly a quarter of the traffic on digital media sites tracked by Radware was generated by “good bots.”
Zilberman said most malicious bots target application programming interfaces (APIs), so it’s become critically important to secure all the APIs being exposed to third-party developers. It may be the age of the “API Economy” but as it turns out, one of the biggest beneficiaries of that economy are cybercriminals.
