Threat intelligence feedback loops are an increasingly vital tool in the escalating battle against bots.

Nick Rieniets, Field CTO, Kasada

December 20, 2023

4 Min Read
Heads representing bots; most are green, but one is red
Source: Brain light via Alamy Stock Photo

In the classic sci-fi film Blade Runner, bounty hunter Rick Deckard is tasked with tracking down bio-engineered "replicants" who are virtually indistinguishable from humans. These days, online businesses must grapple with their own version of the replicant dilemma, as they try to make it easy for their human customers to use their sites, while keeping out a new generation of human-like bots.

Bots, of course, are hardly a new phenomenon and have played a pivotal role in shaping the Internet as we know it today. Unfortunately, a good deal of modern bot traffic is malicious. From using bots for account takeover (ATO) attacks to Web-scraping activities that extract valuable data without permission and carding attacks where stolen credit card information is tested in bulk, our digital landscape is riddled with nefarious bot activity.

And, like your typical dystopian sci-fi flick, tomorrow’s bad bots are only growing smarter, stealthier, and more autonomous.

Bots: A Non-Stationary Problem

Bot developers have devised several sophisticated techniques to circumvent device fingerprinting technologies, which have become a popular way to authenticate users with minimal friction. By employing headless browsers, these bots can execute tasks like a standard browser but can be scripted to change their behaviors and profiles, thus bypassing traditional fingerprinting methods.

Advanced bots are also programmed to recognize these static rules and can dynamically adapt their behavior to avoid detection. For instance, if a rules-based solution is designed to flag rapid, repeated requests from the same IP address, a more sophisticated bot might dynamically respond by distributing its requests over a range of IP addresses to avoid triggering a predefined threshold.

Non-stationary problems are tough to solve because they are, by their very nature, reactive. We need to approach the bot problem not just with cutting-edge technology; we must also work to incorporate novel methodologies that can accommodate the same cycle of continuous adaptation and learning used by our adversaries.

3 Tips for Creating Effective Feedback Loops

Feedback loops that leverage real-time intelligence have quietly become one of the most important engines of innovation in our modern world. Apps like Google Maps can automatically reroute our trips. Smart watches use feedback loops to monitor our vital signs.

Similarly, threat intelligence feedback loops are an increasingly vital tool in the escalating battle against bots. But building an effective feedback loop can be an arduous process that requires equal parts perseverance and patience. Consider the following ways actionable threat intelligence can create adaptive feedback loops:

  • Know your enemy: The most effective anti-bot solutions recognize that even the best technology will only take you so far. Feedback loops require care and feeding in the form of bot intelligence — what security controls are bots targeting, and how are they bypassing them? This means identifying and infiltrating the highly secretive private communities where bot operators gather to sell their wares and share information with one other. From monitoring traditional Dark Web carder forums and securing access to the invite-only Discord and Telegram channels where trust is hard-earned to investing the time to build and maintain a diverse roster of criminal personas who have established credibility in these communities, this type of boots-on-the-ground intelligence is a laborious yet essential feedback input.

  • Disrupt the attacker's feedback loop: Bot operators also rely on their own feedback loops to inform and improve the efficacy of their tools. Anything that slows down their ability to iterate and improve their bots ultimately diminishes their impact. Thus, anti-bot platforms will set up honeypots both to deconstruct botter tactics and to ensure they don't receive any useful feedback. Or they might generate intentionally ambiguous error messages when a suspected bot is plying their network as a more specific "too many attempts, access denied" message might provide the bot operator with some useful insights that can be applied to their next version. By obscuring the results of a bot's actions, you make it that much harder for an attacker to understand how a defensive system reacts to their activities.

  • Intelligence must be actionable: While gathering timely bot intelligence is crucial for staying one step ahead of bot operators, it's only half the battle. For it to become truly useful, intelligence must be actionable and operational to respond appropriately to the latest bot threats. Given the breakneck velocity at which the bot industry moves, this capability is critical to enabling automated defense systems such as blocking, redirecting, or throttling suspicious traffic. User-behavior analytics also require real-time, actionable intelligence in order to push risk-triggered multifactor authentication alerts when suspicious behavior is detected.

There's little doubt that bot developers will continue to create more elusive bots that will further blur the line between man and machine. And while every day it gets a bit harder to tell the difference, at least these replicants don't (yet) walk among us.

About the Author(s)

Nick Rieniets

Field CTO, Kasada

Nick Rieniets has been fighting bots since 2002. His early experience at  MessageLabs (acquired by Symantec in 2008), introduced him to the dangers of malicious automation. His subsequent career focus on web application security coincided with the rapid escalation in digital security threats. As one of the early members of the Kasada team, Nick has been instrumental in the development of the company’s Field and Security Engineering teams. Based in Melbourne, he is dedicated to battling malicious automation and inflicting maximum pain on bots.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights