Who benefits from bots?
When it comes to discovering who benefits from bots the answer is a complicated one as not every bot has malicious intent.
However, according to Statista, the latest figures from 2023 show the estimated annual cost of cybercrime in the UK was the equivalent of $320 billion. This figure is projected to increase to more than $1.82 trillion by 2028.
The average cost of a data breach worldwide is around $4.35 million, and this is also compounded by the downtime and disruption – as well as a loss in consumer confidence – that is caused by being the victim of cybercrime.
A PwC UK survey in February 2023 of UK senior executives found that 33 per cent anticipated a significant increase in cyberattacks against cloud management interfaces.
With bots now accounting for nearly half of all global internet traffic, and malicious bots making up a third of that total, it’s important for any business owner to understand the potential dangers they can bring.
What are malicious bots?
Essentially, a malicious bot is an application designed to help cybercriminals commit crimes ranging from fraud to data theft and extortion.
These types of bots are able to use advanced technology to carry out tasks like data mining, brute force attacks and ad fraud at a speed and scale beyond that of a human.
Among the milder offenses malicious bots are guilty of are metrics invalidation and occasional resource overloading.
Here at Veracity Trust Network, we have grouped the most common form of bots we see within our platform into 12 types. These range in risk level from nuisance through to dangerous and their objectives scale from wasting ad budgets and phishing through to DDoS (distributed denial-of-service) and data theft.
The most dangerous types include Account Takeover, Scrapers, Spambots, and Scalpers.
Account Takeover Bots
Account Takeover is a form of identity theft and fraud. It happens when someone gains control over an account by using the customer’s credentials and makes unauthorised transactions on their behalf.
Scrapers
Scraper bots are tools or pieces of code used to extract data from web pages. Web scraping software may directly access the World Wide Web using the Hypertext Transfer Protocol or a web browser. It is a form of copying in which specific data is gathered and copied from the web, typically into a central local database or spreadsheet, for later retrieval or analysis.
Spambots
A spambot is a computer program designed to assist in the sending of spam. Spambots usually create accounts and send spam messages with them.
Scalpers
Scalper bots automate the entire checkout process. In less than a few seconds, they can login, add items to cart, enter personal details and credit card information, and complete the purchase.
Kevin Gosschalk, Founder/CEO of Arkose Labs, is an industry expert on the evolving fraud and cybercrime landscape.
He said: “The level of sophistication in automation is, quite frankly, stunning. While this may seem interesting from a high-level viewpoint, why should businesses care about this development?
“Well, the answer to that is because these intelligent bots power many of the fraud attacks that target digital businesses and their customers.”
Who is using them?
This is a complicated question with a variety of answers. Not all bots are malicious, therefore not all those who use them are doing so with bad intent. Chatbots, information bots, indexing bots etc, all work to the benefit of various purposes either gathering data for search engines like Google or Bing, helping customers with queries, or delivering answers for frequently asked questions.
But there are bad actors at play, including nation states, who seek to use the functionality of bots for criminal purposes, including data scraping, ransomware, disruption of government or business activity.
In 2023, the former Chancellor of the Duchy of Lancaster, Oliver Dowden, issued a warning when he was Cabinet Office Secretary, about the risk of Russian hackers organised along the lines of the paramilitary Wagner group seeking “to disrupt or destroy” parts of the UK’s critical national infrastructure.
And the UK reached its highest level of ransomware attacks in 2022 according to figures available from the Information Commission’s Office (IOC) – at 34% of all reported cybercrime.
There are other ways they can be used, including by industry competitors, including:
- Using bots to crawl web pages and steal content;
- Serving spam, scraping information, and generating fake ad impressions in online marketing campaigns;
- Driving bad ad placements in fraudulent programmatic platforms;
- Filling out forms with fake information to create bad leads;
- Spamming your organisation’s contact or survey forms with bad messages—which can keep you from responding to genuine inquiries;
- Posting fraudulent reviews on websites to make products and services look better or worse than they actually are to potential customers.
How do they work?
Bots are gaining in sophistication, becoming more “humanlike” and advanced and the criminals operating them don’t have to follow the same rules and regulations as those who are fighting cybercrime do.
This means these malicious bots are easy to obtain and deploy for even the most unskilled of potential criminals. They are able to bypass legacy solutions and defences that most businesses have in place.
Using tactics including IP and fingerprint spoofing, human behaviour mimicry and complex signatures to make them appear genuine, they can get past many traditional cyber prevention methods.
In 2021, Arkose Labs conducted a poll of 100 IT executives and found that there are many negative consequences in failing to deter these attacks. Damage to brand reputation, operational costs and loss of new customers were the top three business impacts cited by respondents as a result of bot attacks.
Malicious bots with the most significant impact on business revenues were spam bots (76 per cent) and scraping bots (51%) according to the majority of respondents. Credential stuffing bots also significantly impacted around half of all those surveyed.
And in an article in Forbes, Emma Woollacott notes: “Generative AI, as you’d expect, is making things worse, with the volume of simple bots increasing to 40% in 2023, up from 33% in 2022.”
She added: “Meanwhile, account takeover attacks rose by 10% in 2023, with 44% targeting API endpoints, compared with 35% in 2022. In fact, of all login attempts across the internet, 11% were associated with account takeover. The worst-hit industries were financial services at 37%, travel at 12% and business services at 8%.”
Allowing malicious bots into systems through cyber breaches is very bad news for businesses in a multitude of ways:
- Loss of revenue associated with brand websites being inaccessible and or through performance degradation;
- Increased expenditure for operations like infrastructure, authentication expenses and the time employees spend on bot mitigation;
- Fines issued by regulatory authorities like the Information Commision’s Office which issues penalties for breaches of General Data Protection Regulation (GDPR) or through breaking anti-money laundering (AML) regulations;
- Tangible damage to brand reputation resulting from negative press and loss of customer confidence.
From client-side attacks that steal sensitive data, to bots that leverage it to commit fraud – as financial incentives grow and attack costs lower, the risk to all organisations and their brand website increases.
How can you identify malicious bots?
Businesses need a strategic and grounded approach to mitigating the threat from malicious bots, this must begin with identifying the risk. The first step to stopping or managing bot traffic to a website is to include a robots.txt file. This file provides instructions to bots crawling the webpage and can be configured to prevent them visiting or interacting with it at all.
Of course, it should be pointed out that only genuine bots will comply with the rules of a robots.txt file, malicious bots will be able to ignore it depending on their programming.
According to Forrester Consulting’s State of Online Fraud and Bot Management, 78% of organisations are using denial-of-service (DDoS) protection, web application firewall (WAF), and/or content delivery networks (CDNs) to manage bots but only 19% have a full bot management system in place.
The purpose of any “cyber hygiene” is to ensure all devices used by businesses (smartphones, laptops, tablets and desktop computers) and the services they access – both online and in the office – are protected.
Regardless of what kind of bot traffic you attempt to mitigate, there are three key steps in the process:
- Identifying bot traffic: You need to be able to identify a malicious bot from a human user in order to then implement filters to prevent it occurring again;
- Assessing bot behaviour: This is where understanding the difference between good and malicious bots is necessary;
- Blocking damaging bots: Once identified, you need to be able to prevent malicious bots from accessing your website or data.
Dedicated tools will also help mitigate against malicious bots. Veracity’s Bot Protection Suite is an Artificial Intelligence (AI)-powered, patented solution to stop malicious attacks, data theft, ad click fraud and more.
It works by using Machine Learning (ML) and AI at ultra-fast speed, to identify bot traffic, intelligently using this information to detect behavioural patterns and protect against potentially malicious bots.
Our award-winning bot protection suite helps businesses mitigate against the risks, reduces wasted spend, improves customer experiences, and provides deep reporting insight into your system’s true performance.
It began as a tool to intelligently detect click fraud and save money for businesses using online advertising, now it works to protect against malicious bot attacks and compromised data.
Our bot protection suite is a focused point-solution, something which is required in this rapidly changing environment. It works with your existing security stack and integrates seamlessly with in place DDoS and WAF solutions.
This is because we sit client-side rather than server side, giving us access to data points other security solutions simply don’t have.
Find out more: https://veracitytrustnetwork.com/integrated-security-stack