Classified by The Open Web Application Security Project (OWASP) as ‘automated threats’, bad bots can be used to perform a wide range of actions on the application layer, from basic requests to elaborate sessions with sophisticated request sequences. Some of these bots are more malicious than others, and they are a menace to every business sector: some threats are shared across industries, while others are specific to certain industries. Yet they all share the same goal: making a profit for their operators. In this blog, we rank some of the most vicious bad bots running rampant on the internet today.

  1. Account Takeover Bots (Credential Stuffing, Credential Cracking)
    Unequivocally the most nefarious of bad bots. Account Takeover is a form of identity theft in which bad actors gain unauthorized access to user accounts. Account Takeover can be performed using several types of automated threats, predominantly Credential Stuffing (OWASP OAT-008: mass login attempts used to verify the validity of stolen username/password pairs, typically one attempt per account) and Credential Cracking (OWASP OAT-007: identifying valid login credentials by trying many different passwords and/or usernames against the same account). The two look different in traffic: stuffing is one source touching many accounts, cracking is many attempts against one account, often spread across rotating proxies. Identity theft is nothing to scoff at, especially when attempted at a massive scale, and the ramifications of a successful attack are far reaching for both businesses and customers. Unmitigated attacks also flood the login endpoint, which can lead to brownouts and denial of service, resulting in lost business and inflated infrastructure costs.
  2. Scalping Bots (Grinchbots, Ticketbots, Sneakerbots, Vaccine Bots etc.)
    These have been plaguing the internet for years now, but only recently have they been making the headlines due to their upsurge and targeting of new markets during the global pandemic. Scalping (OWASP OAT-005) is the act of obtaining limited-availability and/or preferred goods and services by unfair methods for the purpose of reselling them at a higher price point to make a profit. Scalpers have been targeting highly coveted sneaker releases, concerts and sporting events for several years now. In 2020, they leveraged the panic caused by the pandemic to stockpile commodities as online shopping increased in popularity and retailers’ stocks were running low in the first weeks. In addition, during the second half of the year, they used Grinchbots to target the launch of a new generation of gaming consoles as well as GPUs and CPUs. This resulted in a highly inflated resale market for these items that made millions for bad bot operators worldwide. The situation is so severe that it is predicted to last well into 2021. Other than causing great frustration for buyers unable to purchase the items, scalpers severely hurt the business as well. They slow down websites, increase infrastructure costs and hurt conversion rates as well as business reputation.
  3. Carding and Card Cracking Bots
    Bots that perform financial fraud are one of the biggest threats to retail, entertainment, financial services and travel. Really, any website with a payment processor is at risk of credit card fraud. Bad bots are used to verify stolen credit card numbers by making multiple small payments (Carding, OWASP OAT-001: many different cards, each charged a small amount, with every approval confirming a live card) or to identify missing information like expiry dates and CVV numbers (Card Cracking, OWASP OAT-010: many attempts against the same card number, varying the missing fields). They directly hurt the merchant's fraud and chargeback ratio with its payment processor, and they increase customer service costs in order to process the resulting fraudulent chargebacks.
  4. Spamming Bots
    Also known as Fake News Spam and Comment Spam, these bad bots are used to spread fake news and propaganda, and even to post fake reviews to blemish rival products. They are also used to hide malicious content, like malware, behind click-bait links. These mainly affect social networking sites, news and media, as well as retail websites. In more elaborate scenarios, spamming may even lead to various cases of fraud.
  5. Scraping Bots (Price and Content)
    Proprietary data theft, like custom content or pricing information, has a direct impact on the business. It could be that your competitors are scraping your prices to undercut them and beat you in the search for the best price. It could also be theft of custom content, like currency conversion rates in the financial services sector, for example. This enables competing companies to present more attractive conversion rates and win business.
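
The patterns described under Account Takeover (item 1) and Carding (item 3) can be told apart in ordinary application logs. The following Python is an added example written for this post, not code from the original article or from any bot-management product: it runs three simple sliding-window heuristics over constructed login and payment log lines (the log format, field names, thresholds and IP addresses are assumptions of the example, not a real system's). Credential stuffing is keyed on the source IP (one source, many accounts, mostly failures), credential cracking on the target account (many failures against one account, regardless of source, since attackers rotate proxies), and carding on the checkout session (many distinct cards, small amounts). Card cracking is not shown, since it needs the CVV/expiry fields that a log should not contain.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). The line format is an
# assumption of this example; adapt LOGIN_RE / PAYMENT_RE to your own logs.
LOGIN_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 user=alice outcome=fail
2024-05-01T10:00:02Z 203.0.113.5 user=bob outcome=fail
2024-05-01T10:00:02Z 203.0.113.5 user=carol outcome=fail
2024-05-01T10:00:03Z 203.0.113.5 user=dave outcome=success
2024-05-01T10:00:03Z 203.0.113.5 user=erin outcome=fail
2024-05-01T10:00:04Z 203.0.113.5 user=frank outcome=fail
2024-05-01T10:00:10Z 198.51.100.7 user=victim outcome=fail
2024-05-01T10:00:11Z 198.51.100.8 user=victim outcome=fail
2024-05-01T10:00:12Z 198.51.100.9 user=victim outcome=fail
2024-05-01T10:00:13Z 198.51.100.7 user=victim outcome=fail
2024-05-01T10:00:14Z 198.51.100.8 user=victim outcome=fail
2024-05-01T10:00:15Z 198.51.100.9 user=victim outcome=fail
2024-05-01T10:05:00Z 192.0.2.20 user=grace outcome=fail
2024-05-01T10:05:09Z 192.0.2.20 user=grace outcome=success
"""
PAYMENT_LOG = """\
2024-05-01T11:00:00Z session=s-77 bin=411111 last4=0001 amount=1.00 result=declined
2024-05-01T11:00:04Z session=s-77 bin=411111 last4=0002 amount=1.00 result=declined
2024-05-01T11:00:09Z session=s-77 bin=555555 last4=0003 amount=1.00 result=approved
2024-05-01T11:00:15Z session=s-77 bin=555555 last4=0004 amount=0.99 result=declined
2024-05-01T11:00:21Z session=s-77 bin=424242 last4=0005 amount=1.00 result=approved
2024-05-01T11:30:00Z session=s-12 bin=424242 last4=4242 amount=149.00 result=approved
2024-05-01T11:31:00Z session=s-12 bin=424242 last4=4242 amount=149.00 result=declined
2024-05-01T11:32:00Z session=s-12 bin=424242 last4=4243 amount=149.00 result=approved
"""
LOGIN_RE = re.compile(r"^(\S+) (\S+) user=(\S+) outcome=(\S+)$")
PAYMENT_RE = re.compile(r"^(\S+) session=(\S+) bin=(\d{6}) last4=(\d{4}) amount=([\d.]+) result=(\S+)$")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_login(line):
    m = LOGIN_RE.match(line)
    if not m:
        raise ValueError(f"unparseable login line: {line!r}")
    return {"ts": _ts(m.group(1)), "ip": m.group(2), "user": m.group(3), "ok": m.group(4) == "success"}


def parse_payment(line):
    m = PAYMENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable payment line: {line!r}")
    return {"ts": _ts(m.group(1)), "session": m.group(2), "bin": m.group(3), "last4": m.group(4),
            "amount": float(m.group(5)), "ok": m.group(6) == "approved"}


def group_by(events, field):
    groups = defaultdict(list)
    for e in events:
        groups[e[field]].append(e)
    return groups


def densest_window(events, window):
    """Largest run of time-sorted events whose span fits inside `window` (two-pointer sweep)."""
    events = sorted(events, key=lambda e: e["ts"])
    best, lo = [], 0
    for hi in range(len(events)):
        while events[hi]["ts"] - events[lo]["ts"] > window:
            lo += 1
        if hi - lo + 1 > len(best):
            best = events[lo:hi + 1]
    return best


def detect_credential_stuffing(events, window=timedelta(minutes=1), min_attempts=5, min_users=5, min_fail_ratio=0.8):
    """OAT-008: one source IP touching many distinct accounts, mostly failing. The few
    successes are the takeovers that matter, so they are reported, not filtered out."""
    hits = {}
    for ip, evs in group_by(events, "ip").items():
        w = densest_window(evs, window)
        users = {e["user"] for e in w}
        fails = sum(not e["ok"] for e in w)
        if len(w) >= min_attempts and len(users) >= min_users and fails / len(w) >= min_fail_ratio:
            hits[ip] = {"attempts": len(w), "distinct_users": len(users), "successes": len(w) - fails}
    return hits


def detect_credential_cracking(events, window=timedelta(minutes=1), min_failures=5):
    """OAT-007: many failed guesses against one account. Keyed on the account, not the IP,
    because the guesses are spread over rotating proxies (see 'victim' in the sample)."""
    hits = {}
    for user, evs in group_by(events, "user").items():
        w = densest_window([e for e in evs if not e["ok"]], window)
        if len(w) >= min_failures:
            hits[user] = {"failures": len(w), "distinct_ips": len({e["ip"] for e in w})}
    return hits


def detect_carding(events, window=timedelta(minutes=10), min_cards=3, max_amount=5.0):
    """OAT-001: many distinct cards, each charged a small amount, from one checkout session.
    Each approval is a stolen card confirmed live, so approvals are counted, not ignored."""
    hits = {}
    for sid, evs in group_by(events, "session").items():
        w = densest_window(evs, window)
        cards = {(e["bin"], e["last4"]) for e in w}
        if len(cards) >= min_cards and max(e["amount"] for e in w) <= max_amount:
            hits[sid] = {"cards_tried": len(cards), "cards_live": sum(e["ok"] for e in w)}
    return hits


LOGIN_EVENTS = [parse_login(l) for l in LOGIN_LOG.splitlines()]
PAYMENT_EVENTS = [parse_payment(l) for l in PAYMENT_LOG.splitlines()]

if __name__ == "__main__":
    print("credential stuffing:", detect_credential_stuffing(LOGIN_EVENTS))
    print("credential cracking:", detect_credential_cracking(LOGIN_EVENTS))
    print("carding:", detect_carding(PAYMENT_EVENTS))
```

On the sample, 203.0.113.5 is flagged as stuffing (6 accounts in 3 seconds, one success, which is the account to force a password reset on), `victim` is flagged as cracking even though no single IP made more than two attempts, and session s-77 is flagged as carding with two live cards. Note what is deliberately not flagged: the six accounts the stuffing bot touched see only one failure each, and the legitimate shopper in s-12 retries one card at full price. In production the thresholds need tuning per endpoint, and source-IP keys should be replaced or supplemented with a device or session fingerprint, since the IP is the cheapest thing for a bot operator to change.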

