Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/23/2020
09:00 AM
Gary Sevounts, Chief Marketing Officer, Kount
Gary Sevounts, Chief Marketing Officer, Kount
Sponsored Article
50%
50%

The $500,000 Cost of Not Detecting Good vs. Bad Bot Behavior

Bot attacks caused financial harm to 80% of eCommerce businesses, according to new research. Read more results, and how bot protection is evolving in response

Bots are a permanent part of the internet. Good, questionable, or malicious bot activity makes up a substantial amount of internet traffic. And bots can perform a variety of both critical and criminal operations. Businesses that can tell the difference – block bad bots and allow good bots – can improve customer experiences. But it’s no easy task.

The recent 2020 Bot Landscape and Impact Report is based on a survey of more than 250 companies engaged in eCommerce. 88% of leaders in business, cybersecurity, and IT reported that complex, sophisticated attacks are more difficult to detect. And existing solutions aren’t working against these emerging attacks.

That poses a major problem, because attacks have become more frequent and costly:

  • 81% often or very often deal with issues related to malicious bots.
  • More than half encountered over 50 bot attacks in the last 12 months.
  • 80% reported an increase in financial loss caused by sophisticated bot attacks.
  • 1 in 4 said a single bot attack cost at least $500,000 in the past year.
  • 2 in 3 say a single attack cost $100,000 or more.

 

Why good, malicious, and questionable bots complicate protection

It’s not enough to simply prevent bot traffic, although even that is not as easy as it sounds. Complex bots can closely mimic human behavior. And bot traffic, both good and malicious, occurs throughout the eCommerce customer journey, including:

  • Account creation
  • Login
  • Point redemption
  • Product selection
  • Checkout
  • Payment

Good bots

Blunt tools that turn away bot traffic can also prevent good bots — and 96% of companies depend on good bots. These bots include search engine and SEO tools, virtual assistants, and chatbots. And they help businesses to optimize operations and enhance the eCommerce journey. 

Malicious bots

Malicious bots can cause damage at any point in business operations. Sophisticated bots can take down infrastructure, freeze inventory, and reduce productivity. And they can steal customer information for financial gain or disrupt the customer experience to cause severe brand damage.

  • Some of the most common attacks are:
  • Brute force or credential stuffing attacks that take over customer accounts
  • Card testing to identify usable stolen credit cards
  • Price or content scraping for a competitive advantage
  • Social campaigns designed to mislead or inflame users
  • Distributed denial of service (DDoS) to disrupt or take down a website or digital service

Questionable bots

Business goals or department perspectives determine if a questionable bot is good, bad, or neutral. For example, scraper bots/web scrapers collect content from websites. They may capture product reviews, breaking news, pricing information and catalogs, user-generated content on community forums, and so on. For some businesses, this activity can promote products on multiple sites frequented by high-value customers. For others, it diverts visitors to a third-party website which reduces advertising and upsell opportunities or hurts the customer experience.

Consequences of bot attacks

Malicious bot attacks can carry major consequences. Crashed websites, compromised customer information, fake accounts, or frozen inventory come with high costs – not all financial. 59% of businesses have lost partners due to bot issues. And 41% report diminished brand reputation.

The evolution of bot detection

Today, digital businesses need to detect bots that penetrate further into the eCommerce operations. While web application firewalls (WAFs) and content delivery networks (CDNs) can defend the perimeter, they can’t identify and manage sophisticated bots within the customer journey. Businesses are urgently seeking tools that can detect and manage different bot types, but don’t disrupt customer experiences.

Why aren’t WAFs and CDNs enough? Three generations of bot detection illustrate the problem:

  • The first generation of bot detection solutions defended the perimeter; they prevented websites or systems from melting down when overwhelmed by requests. WAFs and CDNs were able to stop distributed denial of service (DDoS) and other brute force attacks. Eventually, malicious bots began dodging WAFs to penetrate deeper into an organization’s processes to cause financial harm.
  • In response, the second generation of bot detection moved to the cloud to better detect bots and protect against different aspects of digital commerce fraud. Rather than an exclusive problem for infosec, departments responsible for customer experience began looking for tools beyond WAFs.
  • The new generation in bot detection is event-based protection. Tools can’t always differentiate between humans and the human-like actions of sophisticated bots. But modern solutions embed protection into the business workflow. They compare network, device, and behavioral characteristics with identity trust signals to assess risk in real time. In this way, event-based solutions protect the complete customer journey – from account creation and login to payment and checkout.

Kount’s next-generation, Event-Based Bot Detection applies a layered approach to accurately identify and segment good, malicious, and questionable bots. Kount links network, device, and behavioral characteristics to billions of trust and risk signals in order to assess risk in real time, and in the context of the attack. Businesses gain fine-tuned control over bots throughout the digital journey.

About the Author

Gary Sevounts is the Chief Marketing Officer at Kount. Sevounts has more than 20 years of enterprise technology experience as a seasoned marketer, industry thought leader and spokesperson in security, data protection and fraud prevention. Prior to joining Kount, he served as CMO of Aryaka Networks. Sevounts has spearheaded direction and development for some of the security industry’s most successful brands including Symantec, Panda Security, and Hewlett-Packard.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
oncfari
50%
50%
oncfari,
User Rank: Apprentice
11/24/2020 | 10:44:45 PM
Great Article
Great article, Gary. I always enjoy reading about thiings I don't really think about and suddenly realize that I should as a result of having read it! 😎 Best to you and your family -- stay safe & be well... Michael
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd