Cybercriminals are using bots through thousands of distinct IP addresses to
run distributed denial of service (DDoS) attacks, make fraudulent purchases,
and exploit potential vulnerabilities.

As the holiday season arrives and the online shopping spree begins in full
force, eCommerce websites become an attractive target for cybercriminals to
launch attacks. This November, Barracuda Networks, a trusted partner and a
leading provider of cloud-enabled security solutions, detected millions of bad
bot attacks that attackers were using to run distributed denial of service
(DDoS) attacks, make fraudulent purchases, and scan for vulnerabilities they
can exploit.

In the middle of the month, Barracuda researchers ran Barracuda Advanced Bot
Protection in front of a test web application and detected a staggering number
of bad bots in just a few days, with millions of attacks coming in from
thousands of distinct IP addresses. When viewed by time of day, the researchers
found that the bots don’t just wait until the middle of the night to attack. In
fact, bot activity peaks in the late morning and goes on until 5 p.m., which
indicates that the cybercriminals, aka “bot herders”, follow a regular working
day.

Bad bot personas are bots that have been identified as malicious based on
their pattern of behavior. They are grouped by User-Agent, and some User-Agents
belong to good bots. For example, GoogleBot, which crawls sites and adds them
to search rankings, is good and should not be blocked. Cybercriminals have been
using different ways to spoof these known good User-Agents to conduct their
attacks, so telling the bad bots apart from the genuine ones needs deeper
scrutiny.

To identify a bot as bad when its User-Agent claims to be a good search
engine, Barracuda researchers use different methods: injecting honeytraps such
as hidden URLs and JS challenges; using rDNS (reverse DNS lookup) to verify
that bots come from the source they claim; inspecting whether the client is
trying to access URLs used by common app fingerprinting attacks; and analysing
further with ML in case those methods don’t work out. HeadlessChrome,
yerbasoftware, and M12bot are some of the bad bot personas that showed an
increase in numbers.

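
The rDNS check described above can be sketched as a forward-confirmed reverse DNS lookup. This is an added example, not Barracuda's code: the function names, the domain list for Googlebot, and the sample DNS data are assumptions made for illustration.

```python
import socket

# Assumption: Googlebot hosts reverse-resolve under these domains.
CRAWLER_DOMAINS = {"googlebot": (".googlebot.com", ".google.com")}

def _reverse(ip):
    return socket.gethostbyaddr(ip)[0]  # PTR lookup

def _forward(host):
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}  # A/AAAA lookup

def verify_bot(ip, user_agent, reverse=_reverse, forward=_forward):
    """Classify a request as 'not-a-crawler', 'verified' or 'spoofed'."""
    ua = user_agent.lower()
    token = next((t for t in CRAWLER_DOMAINS if t in ua), None)
    if token is None:
        return "not-a-crawler"  # no search-engine claim to verify
    try:
        host = reverse(ip).rstrip(".").lower()
        # Step 1: the PTR name must sit under a domain the crawler operator uses.
        if not host.endswith(CRAWLER_DOMAINS[token]):
            return "spoofed"
        # Step 2: forward-confirm. Whoever owns the IP block controls its PTR
        # record, so the name only counts if it resolves back to the same IP.
        return "verified" if ip in forward(host) else "spoofed"
    except OSError:  # herror/gaierror: no PTR record or name does not resolve
        return "spoofed"

# Constructed sample data (documentation IP ranges) so the demo runs offline.
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "203.0.113.5": "crawl-203-0-113-5.googlebot.com",  # self-assigned PTR, no A record
    "203.0.113.6": "googlebot.com.bad.example",        # look-alike suffix
}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(host):
    if host not in A:
        raise OSError("name does not resolve")
    return A[host]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "203.0.113.6", "198.51.100.7"):
        print(ip, verify_bot(ip, GOOGLEBOT_UA, fake_reverse, fake_forward))
```

Called without the last two arguments, `verify_bot` uses the system resolver instead of the constructed tables.
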
With the holiday shopping season expected to continue in full swing until the
New Year, eCommerce teams should start taking the necessary steps to safeguard
their applications against bad bots. They must install a well-configured web
application firewall as a service solution and make sure that their application
security solutions include anti-bot protection to effectively detect advanced
automated attacks. eCommerce websites should further turn on credential
stuffing protection to prevent account takeover.