When Bots Attack— And How to Stop Them

Bot attacks, which use automated web requests— essentially, Internet robots— to disrupt websites, applications, APIs, and end users, sound like the subject of a dystopian horror film. Unfortunately, they’re real, and increasingly persistent. Here’s what you can do stop them.

For years, businesses have relied on software applications to run automated tasks, such as retrieving web content, generating messages, and following social media accounts. These automated tasks are performed by what are commonly known as Internet bots. Some bots are legitimate, for example, Googlebots used by Google to search data.  Bad bots, on the other hand, are designed to imitate human interactions, then  used by bad actors to identify software vulnerabilities, send email spam, and wreak havoc online.

Advanced bots, based on the Chrome browser, simulate human activity by clicking on-page elements. If that doesn’t sound serious, think again. This year, attackers used bots to create millions of false PayPal accounts during a sign-up incentive campaigns. The result? Plummeting stock shares and a disappointing forecast.

The motives behind bot attacks vary, from fraud to general disdain for the enterprise, but high damage potential is the common denominator. Netacea, a server-side bot management company, conducted a survey that revealed 72 percent of eCommerce websites and 83 percent of eCommerce mobile apps experienced a bot attack in 2020. Even worse, 89 percent of companies surveyed took two to six months to discover the attacks.

Luckily, preventing, detecting, and mitigating bot attacks is possible. Effective approaches include static analysis tools that identify abnormal header information and web requests, and rigorous cybersecurity assessments. To learn more about Securance Consulting’s security testing services, including advanced penetration and (APT) simulation testing, contact us today.