With botnet attacks increasing, how can businesses deal with them?

With botnet attacks harder to detect, business need to have the right solutions in place to deal with them.
10 September 2021

Botnet attacks continue to increase globally despite businesses beefing up their cybersecurity. Today, there is a myriad of cyber threats that can disrupt an organization.

From malicious malware to phishing, and denial of service attacks, botnet attacks now adds to the list of challenges businesses face in protecting their organization.

While these attacks are being dealt with, bot attacks have also been reporting an increase. Using automated web requests, bot attacks are cyber-attacks that tamper with a website, application, or device.

According to a recent report by Barracuda Research, bots make up nearly two-thirds of internet traffic, with bad bots making up nearly 40% of all traffic. These bad bots often target e-commerce applications and login portals. Botnets are used to disrupt businesses on the internet — what starts from a simple spamming operation can eventually evolve into a complex threat that can defraud or manipulate users.

Attacks across all industries

North America accounts for about 67% of global bad bot traffic. Interestingly, most of these bots originate from two large public clouds – AWS and Microsoft Azure. Europe only amounts for 22% of bad bot traffic, with bad bots likely coming from hosting services or residential IPs.

“While some bots like search engine crawlers are good, our research shows that over 60% of bots are dedicated to carrying out malicious activities at scale. When left unchecked, these bad bots can steal data, affect site performance, and even lead to a breach. That’s why it’s critically important to detect and effectively block bot traffic,” said Nitzan Miron, VP of Product Management, Application Security, Barracuda.

A recent example of a bot attack was experienced by a Californian Community College. Scammers used bots to disrupt the student application system in attempts to score student aid and federal pandemic relief grants. Some 65,000 fake applications were filled by bots.

The U.S. Department of Education’s Office of Inspector General said they are investigating the bot outbreak in California along with a law enforcement agency and had alerted thousands of colleges nationwide to the potential scam. The system has since tightened up its online portals, but officials acknowledge that they have been unable to thwart the intruders.

Another example is a bot that was caught attempting to scrape information from a business-to-business e-Commerce store in the UK. Disguised as a standard browser, the bot came from a residential IP address. Fortunately, the e-Commerce business was able to realize that their site was being accessed from a residential customer and was able to detect and block the bot.

(Photo by Natalia KOLESNIKOVA / AFP)

Netacea, a bot detection and mitigation platform, surveyed the effects of bot attacks on the e-Commerce industry. The results revealed that 72% of e-Commerce websites and 83% of e-Commerce mobile apps were attacked by bots last year. 89% of these businesses took two to six months to realize they were attacked by a scalper bot.

Coming in partially or fully automated forms, scalper bots target highly-anticipated hype products and place them in shopping carts faster than any human. This has led to over half of e-Commerce businesses overstocking due to incorrect data from bot activity, as their sales were exaggerated by these bots’ activities.

Meanwhile, account checker bots test leaked usernames and passwords on a website login page. Websites are often not able to distinguish bot interactions from normal human interactions, allowing attackers to try combinations until they find one that works.

Netacea reported that account checker bots are popular among cybercriminals and cost retailers about 4% of their online revenue in the last 12 months. Customer satisfaction has also dropped by 5% for one out of five e-Commerce sites as the bots affect the integrity of customer data.

Dealing with botnet attacks

Due to rising incidences of botnet attacks, botnet management platforms are now increasingly being leveraged to help businesses deal with these issues. As botnet attacks can be hard to detect at times, organizations need to ensure they have the right solution in place to swiftly and efficiently deal with these threats — before more damage is done.

Netacea and Barracuda Networks are just some of the cybersecurity vendors that can help businesses deal with botnet attacks.

For Netacea, the first step of minimizing any botnet attack is to recognize the problem and have real-time detection and mitigation solutions to stop bots at the point of entry.

Barracuda Networks suggests that companies consolidate Web Applications and API Protection Services (WAAP). WAAP helps identify and stop bad bots in their tracks, which in turn, improves both user experience and overall security. Barracuda also suggests businesses take advantage of machine learning to effectively detect and block hidden, almost-human bot attacks.