Revenge of the Bots

Published on the 30/04/2019 | Written by Heather Wright


Credential abuse bot attacks going unnoticed down under…

Australian businesses are clueless about who – or more specifically, what – is accessing their website, resulting in a spike in credential abuse attacks.

A report from Australian cybersecurity firm Kasada shows Australian companies lack bot visibility when it comes to what is accessing their sites: 86 percent of Australia’s top 250 websites failed to detect whether it was a human or bot accessing the site, with 90 percent of the sites unable to differentiate between a human customer and a bot submitting credentials to their login page.

The Bots Down Under report says credential abuse attacks were responsible for one-third of the 749 reported data breaches in 2018, with each breach costing an estimated average of AU$2 million, according to a Ponemon report.


Sam Crowther, Kasada CEO, says attacks, particularly credential abuse, have the capacity to compromise everything from a customer’s personal information to business and even national security.

“As many aspects of our lives are global – and much of our information now lives online – this shift places tremendous emphasis on businesses to protect and defend against potential threats.”

The company says last year was a big year for bots in Australia, with Kasada capturing data from more than 100 attacks.

“Credential abuse attacks are an emerging attack type. The 2018 OAIC statistics included 34 incidents, so this sample represents a significant insight into a growing problem.”

Of course, bots causing havoc on the internet aren’t a new phenomenon, with an entire underground economy where bots are used for nefarious purposes.

In fact, bots generated more internet traffic than humans in 2012, 2013 and 2016. In 2016 they were particularly prevalent and problematic during the US presidential election, where they were used to generate election talk, particularly on Twitter, with pro-Trump bots outnumbering pro-Clinton bots seven to one.

But Kasada says the credential abuse bot threat is new for businesses who haven’t had a chance to properly assess their risk exposure.

The company says businesses also mistakenly believe web application firewalls will prevent the attacks, or they are relying on reactive controls, including password locks or fraud systems.

And it’s not just bot visibility that needs to be addressed, with the report highlighting bot geography as a critical factor too. Ninety percent of credential abuse attacks came from within Australia’s own back yard – Australian networks.

“This debunks the theory of Island Australia. It is no longer sound strategy to geo-block overseas traffic and assume local traffic is legitimate,” Kasada says.

Techniques deployed to avoid detection included crafting login requests identical to those of legitimate users, sending them from the same ISP networks as customers, submitting only a small number of requests from each IP address, rotating HTTP headers or impersonating common browsers, and following Australian daylight hours.

So what’s a company to do when faced with legions of bots…

It’s a given that Kasada is keen to sell you protection – it is a cybersecurity company, after all – however the report also offers up an action plan to defeat the credential challenge, something it says requires a multipronged approach.

It says companies need to ask whether they fully understand the potential impact of attacks against customer portals and what personal user data could be stolen via the portal, along with whether the portal allows for the extraction of funds or anything else of value. Regular reporting, the necessary security controls in place, and a data breach response plan established and tested are advised for the business.

On the IT side, Kasada recommends allowing only regular web browsers to access web login pages and enforcing adherence to request flow patterns. Taking “actions to alter the economics of attacking your site” and visualising “the human versus bot activity against your login paths” are also recommended as precautions.
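The evasion techniques described earlier (a handful of requests per IP address, the same ISP networks as real customers, rotated headers, local daylight hours) mean a per-IP rate limit sees nothing unusual. The following Python is an added example, not code from the article or from Kasada, showing one way to act on the report's advice to visualise human versus bot activity against the login path: it aggregates login attempts per source network and per targeted account instead of per IP, then summarises suspected-bot and human attempts per hour. The log format, IP addresses, ASNs, user agents and thresholds are all constructed assumptions for the illustration.

```python
"""Added example (not from the article or the Kasada report): detecting
distributed credential abuse that stays below per-IP rate limits, and
summarising human vs bot activity against a login path per hour.
Every log line, address, ASN and threshold here is constructed."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: timestamp, source IP, ASN, user agent, username, outcome.
# Human traffic: a few accounts, mostly successful, spread over several ASNs.
# Suspect traffic: ASN 64500 (a private-use ASN), each IP sends only two
# requests, every request targets a different username, nearly all fail,
# and the user agent rotates between common browsers.
SAMPLE_LOG = """\
2019-04-29T09:01:10 203.0.113.10 64496 Chrome/73 alice success
2019-04-29T09:02:41 203.0.113.11 64497 Firefox/66 bob success
2019-04-29T09:03:05 203.0.113.10 64496 Chrome/73 alice success
2019-04-29T09:04:12 198.51.100.20 64500 Chrome/73 carol failure
2019-04-29T09:04:13 198.51.100.20 64500 Firefox/66 dave failure
2019-04-29T09:04:20 198.51.100.21 64500 Safari/12 erin failure
2019-04-29T09:04:21 198.51.100.21 64500 Chrome/73 frank failure
2019-04-29T09:04:30 198.51.100.22 64500 Edge/18 grace failure
2019-04-29T09:04:31 198.51.100.22 64500 Chrome/72 heidi failure
2019-04-29T09:04:40 198.51.100.23 64500 Firefox/65 ivan failure
2019-04-29T09:04:41 198.51.100.23 64500 Chrome/73 judy success
2019-04-29T10:15:00 203.0.113.12 64498 Safari/12 bob failure
2019-04-29T10:15:30 203.0.113.12 64498 Safari/12 bob success
"""


def parse_log(text):
    """Parse the constructed whitespace-separated log into dict records."""
    records = []
    for line in text.splitlines():
        ts, ip, asn, ua, user, outcome = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "asn": int(asn), "ua": ua, "user": user,
                        "outcome": outcome})
    return records


def per_ip_counts(records):
    """The naive view: requests per IP. Each suspect IP stays at two."""
    return Counter(r["ip"] for r in records)


def network_stats(records):
    """Aggregate per source network (ASN) instead of per IP."""
    by_asn = defaultdict(list)
    for r in records:
        by_asn[r["asn"]].append(r)
    stats = {}
    for asn, rs in by_asn.items():
        n = len(rs)
        fails = sum(1 for r in rs if r["outcome"] == "failure")
        stats[asn] = {
            "requests": n,
            "distinct_ips": len({r["ip"] for r in rs}),
            "distinct_users": len({r["user"] for r in rs}),
            "distinct_agents": len({r["ua"] for r in rs}),
            "fail_ratio": fails / n,
        }
    return stats


def suspicious_networks(records, min_ips=3, min_fail_ratio=0.7,
                        min_user_spread=0.8):
    """Flag ASNs where many IPs each try different accounts and mostly fail.
    Thresholds are illustrative; tune them against your own baseline."""
    flagged = set()
    for asn, s in network_stats(records).items():
        user_spread = s["distinct_users"] / s["requests"]
        if (s["distinct_ips"] >= min_ips
                and s["fail_ratio"] >= min_fail_ratio
                and user_spread >= min_user_spread):
            flagged.add(asn)
    return flagged


def hourly_activity(records, bot_asns):
    """Human vs suspected-bot login attempts per hour, for charting."""
    hours = defaultdict(lambda: {"human": 0, "bot": 0})
    for r in records:
        label = "bot" if r["asn"] in bot_asns else "human"
        hours[r["ts"].hour][label] += 1
    return dict(hours)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("busiest single IP:", max(per_ip_counts(recs).values()))
    bots = suspicious_networks(recs)
    print("suspicious networks:", bots)
    for hour, counts in sorted(hourly_activity(recs, bots).items()):
        print(f"{hour:02d}:00  human={counts['human']:2d}  bot={counts['bot']:2d}")
```

Run on the constructed log, the busiest single IP has only two requests, so a per-IP limit never fires, while the network-level aggregation flags ASN 64500 on the combination of many source IPs, one-username-per-request spread and a high failure ratio; the hourly table is the shape of data a human-versus-bot chart for the login path would be drawn from.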
