Many marketers assume website security is not their problem. However, as the stewards of their organization’s external brand, marketers must understand how the brand is impacted by activity on the website. This includes malicious bot traffic that could deteriorate the user experience and skew analytics, says Edward Roberts, Director of Product Marketing at Distil Networks.
It all started on a Tuesday in January 2017. Peter found a gift card lying in the road that someone must have dropped accidentally. He took it home and entered the 18-digit number on the retailer’s gift card balance check webpage, which revealed that the gift card had $100 stored on it. Free money! Peter then thought to himself, “They can’t be that stupid… can they?” But they were.
Peter isn’t your typical web user – he created and manages a botnet, a network of thousands of computers located all over the world, that he rents out to hackers and fraudsters to conduct all kinds of nefarious activities. The botnet can be used to steal miles from travelers’ airline accounts, break into ecommerce customers’ accounts and purchase goods with the credit card on file, post restaurant reviews that contain spam and malware, and scrape prices and content from so many websites he’s lost count.
In the case of the gift card heist, fraudsters deploy Peter’s botnet on hundreds of retail websites to test millions of potential gift card numbers per hour, requesting the balance for each one and selling those with money on them on the dark web. The retailers and gift card owners are none the wiser until the money is gone.
Unfortunately, this story is an everyday occurrence, as there are scores of malicious bot operators like Peter all over the world, available for hire by anyone looking to exploit a digital scam.
The crazy part is, bad bot operators are not stealing the contents of a private database or looking for security vulnerabilities. They simply exploit the business logic of your website.