Threat Intelligence

Battling Bots Brings Big-Budget Blow to Businesses

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

A new report carries the unsurprising news that battling botnet attacks is a way of life for modern business security teams — a way of life that carries heavy costs in both technology and personnel.

"The Critical Need to Deal with Bot Attacks," published by Osterman Research, surveyed more than 200 large organizations with a mean employee count of just over 16,000. All had externally facing Web applications with login pages and were actively working to prevent, detect, and remediate attacks against those applications.

According to the report, the average company surveyed suffers 530 botnet attacks each day, though some organizations see thousands of attacks each day, with some attacks probing millions of potential victim accounts every hour.

The numbers in the Osterman Research report broadly mirror those seen in other security reports issued in 2018. One example is Akamai's "Summer 2018 State of the Internet/Security: Web Attacks Report," which noted that many botnets follow a "low and slow" tactic of probing accounts in at attempt to remain undetected by automated systems, while others floor victims with probes in a strategy of overwhelming defenses and retrieving valued information.

In the face of recent attacks, such as that against Starwood/Marriott, in which the attack's "dwell time" inside the database was roughly four years, the average time to detect a botnet attack reported in the Osterman Research survey — 48 hours — may seem remarkably fast. Add in another 48 hours for remediation, and first attack to remediation is four days. In a public-facing Web application, though, that can mean four days of data exfiltration or four days of reduced application access due to a denial-of-service attack, depending on the nature of the botnet.

And keeping the response time as short as it is requires an organization to devote expensive, precarious resources to the battle. According to Osterman Research, most organizations — three in five — have no more than two staff members devoted to a botnet response, while only one in five devotes four or more staff members to the fight.

Each of those staff members is expensive, with the fully burdened cost of a bot-fighting security specialist averaging more than $141,000 each year. Each of those staff members is kept busy working with multiple pieces of equipment, as 91% report using a Web application firewall, 49% an IPS/IDS, 40% a SIEM, and lower percentages other technology in combination to combat Web attacks.

According to the report, the average organization now has 482 potential applications vulnerable to bot attacks and spends an average of 2,600 person-hours per year managing the threat. In the report's final section, on dealing with the threat, the No. 1 recommended activity is for an organization to understand the full cost of responding to bot-based threats to Web security so that appropriate steps can be taken to battle the automated attackers.

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4035
PUBLISHED: 2019-03-22
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X...
CVE-2019-4052
PUBLISHED: 2019-03-22
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
CVE-2019-9648
PUBLISHED: 2019-03-22
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
CVE-2019-9923
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2019-9924
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.