Bad bots make up 30% of internet traffic and they’re after APIs

In June 2022, hackers launched an attack against Australia’s largest Chinese-language platform, Media Today. The attackers made over 20 million attempts to reset user passwords in the platform’s registration system. However, these attackers weren’t humans but bots – complex, automated programs that swarm around the internet carrying out instructions. 


If you’re a benign bot, you could be harvesting data for search engines. If you’re a bad bot, you’re more likely to be targeting digital systems, web applications and application programming interfaces (APIs), intent on data theft, fraud, denial of service, and more, at speeds and volumes that human attackers couldn’t match.


Our latest data shows that in the first six months of 2023, bots accounted for just under half (48%) of all internet traffic – with bad bots making up the majority of this, 30% overall. 


Bad bot attacks are evolving to become more sophisticated. They are getting better at mimicking human behaviour and bypassing traditional security controls. And, having done so, they are being used for more advanced attacks against organisations. 


This includes vulnerability scanning to find and exploit bugs, as well as brute force and credential stuffing/password spraying attacks to compromise and take over email accounts – particularly those they can reach through vulnerable APIs. The bots come armed with millions of potential permutations of usernames and passwords and will bombard targets relentlessly, as can be seen from the Media Today incident.


APIs are a growing target for bot attacks because they are relatively under-protected and used extensively for automated processes and communications. Further, the growing use of APIs has made it easier for bots to access and manipulate data at scale. 

