Why bots are a threat to your business

The online business market space is becoming an increasingly more competitive space on a daily basis.   An e-commerce website , once seen as a competitive advantage 10 years ago,   has now become a minimum must have feature for any business.

The modern customer has become increasingly more demanding, not because they necessarily want or need an exhaustive array of web and mobile applications , it is just that they have grown to expect them.  One of the benchmarks used when evaluating companies to purchase from,  is  the number of digital tools available to satisfy their customer service  needs.

Customers expect convenience.  Customers expect that your company will make it as easy and convenient to trade with them.

Your company can no longer just afford to have a digital presence on line, in the form of a static website advertising your products or services and a contact us from.  Your customers have a minimum expectation that they can interact with your company via  web or mobile application.

Your  a customers not only want to  find the product or service they need, but they expect to find all the information they require about the product via Text,  Video,  Audio, Chat, Phone and Digital content resources, and complete the transaction without even having engaged with a human being.   They also expect that this is  available on which ever platform or device they elect to use.

In order for your business to be found online, you’ll need to invest heavily in a comprehensive digital marketing campaign.   Utilising techniques such as Search Engine Optimisation (SEO), Pay Per Click Advertising (PPC), Content Marketing, Content Distribution , Search Engine Marketing (SEM) ,  Affiliate Marketing and General Online Advertising.

There is no question that raising your profile online, will no doubt increase your revenue potential. However, there is a downside in that it also draws the attention from the dark and seedy side of the internet.   The dark criminal element that conspires to make as much as $3 – 5 Million a day from the online advertising market.

The potential  for fraud online is massive and companies can fall victim to it in so many ways.  In fact, your company may fall prey to online scam on a daily basis and will not even be aware of it.

Everyday your website is probably  being visited by a dozen or more bots, some are known as  Good Bots – such as Google, Bing, Baidu, Yandex etc – the rest are for more nefarious reasons.

The fact is that almost half of all internet traffic comprises of bots and this is set to further increase. Due to the huge potential for fraudsters to make massive financial gains just by implementing an army of bots!

What are the type of bots causing mayhem?

The modern bot landscape comprises a number of different types of malicious bots each designed with a particular purpose in mind.

Scraper bots – These bots are are designed to steal content :-  prices, product catalogues ,  blog content, PDF contents etc.  A large proportion of these bots may be employed by your  competitors via third-party scrapers to steal and monitor your website content.

Spam bots –  Primarily target community portals, blog comment sections and lead collection forms. They are used to  insert unwanted advertisements, links and banners and links of a malicious in nature i.e.   phishing sites, targeting unsuspected users into divulging sensitive information like bank accounts and pass codes.

Scalper bots – Target ticketing websites, and make bulk purchases. The objective to purchase hundreds of tickets as soon as the bookings open, in order to resell  many times  the original cost of the ticket.

Zombie Bots – a computer that has been compromised and has become a slave to the person who controls it along with hundreds or thousands of other computers as part of a bot net.

File-sharing Bots – take the user’s query term (i.e. a movie or song title) and respond to the query stating that they have the file available and provide a link to it. In reality, the bot takes the search query term, generates a file by the same name (or similar name), and then injects a malicious payload into the fake file. The unsuspecting user downloads it, opens it, and unknowingly infects their computer.
 

Chatterbots – These chatterbots pretend to be a person and are generally good at emulating human interactions. Some people fall for these chatterbots, not realizing that they are malicious programs that attempt to obtain personal information and even credit card numbers from unsuspecting victims.
 

Conclusion

Bots with malicious intent represent a significant percentage of web traffic, businesses need to understand and quantify the risk that bad bots represent to their respective organizations. The relentless evolution of bot attacks and their networked counterparts, botnets, are the malicious army of the cybercrime world.

Botnets are used to:

  • Test stolen identities (to open new accounts or take over existing ones)
  • Conduct a distributed denial of service (DDoS) attack
  • To launch spam
  • To steal sensitive credentials

 

Fraudsters are compounding the problem by adjusting their botnet attack patterns to mimic usual customer behavior: low and slow tactics rather than high volume / high frequency. This manages to bypass traditional web application firewall (WAF) solutions that would detect high volume DoS attacks.

WAFs were designed to prevent attacks against Web servers – not those on customer identity. As a result, they rely heavily upon IP Reputation services and IP velocity filters to detect bots. This method has been proven ineffective against bots that rotate IP addresses and have access to previously leaked user credentials, often from another site, enabling them to fly under the radar.

In order to completely secure your website and be vigilant against fraud and malicious intent you will need to adopt a multi layered approach to security. No one solution covers all basis and even though there may be some overlap between services which may be seem redundant or even conflicting. In our experience it is not a good idea to adopt a one vendor strategy when it comes to security, due to the fact that fraudsters may target a specific vendors suite of products as they have discovered a specific vulnerability or means to circumvent the protection.

Gary Woodfine

Founder & CTO of threenine.co.uk. Experienced full stack software developer well versed in delivering web & mobile applications utilizing cloud architectures. Areas of speciality include cross platform development in .net , PHP, JavaScript.

π
%d bloggers like this: