In previous articles, we discussed the evolution of bad bots from very simple crawler bots to sophisticated bots making requests from mobile devices. However, many security teams struggle to fully understand the nature of the continuing problem caused by bad bots and the ongoing arms race that bot defenders face from bot operators.
Consider this, if you want to run a massive list of stolen credentials against a site to see which pairs provided access, how would you avoid detection?
Some simple techniques would be the following:
- Identify as a known browser with an up-to-date user agent
- Hide in different countries
- Hide in different data centers hosted by cloud providers
On the other hand, what of the advanced techniques used by bot operators?
- Mimic human behavior
- Load external resources
- Support cookies
- Use browser automation (Selenium, PhantomJS)
- Infect desktop and mobile devices using malware to create a botnet
Moreover, persistent bots use the following techniques to attack a target business continuously:
- Dynamic IP rotation
- Distribute attacks across IP addresses
- Hide behind anonymous and peer-to-peer proxies
Increasingly, the bot problem is an arms race. Bots are mimicking real human workflows across web applications to “behave” like real users. They are obfuscating their activity by reverse engineering detection systems. Advanced attackers now show definitive behavior that they know about the technology they’re trying to defeat, and they’re continuously learning how to adapt their tactics.
In the 2019 Bad Bot Report, 73.6% of all bots exhibit these advanced and persistent traits. Read the report to find out ways to mitigate the bad bots from exploiting your business.
About the AuthorMore Content by Edward Roberts