Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

4/17/2019
02:20 PM
50%
50%

Ever-Sophisticated Bad Bots Target Healthcare, Ticketing

From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.

Websites increasingly have to watch out for automated programs posing as human visitors — in other words, bots, which continue to become more sophisticated, according to a new report from bot mitigation firm Distil Networks.

While bot traffic has fallen as an overall percentage of visits to websites, the automated programs have become more sophisticated in their attempts to appear human. Financial firms, ticketing services, and educational sites see anywhere from 38% to 42% of their traffic come from bots, and both ticketing and healthcare top the industries targeted by the most sophisticated bots, according to the "2019 Bad Bot Report," based on data Distil collected during 2018.

"Bots are moving from the traditional scraping and ticketing and airlines bots, which are the industries that have been the most victimized up to now," says Edward Roberts, senior director of product marketing at Distil. "They are now moving to these other industries, and we have seen a lot of fraud cases in those markets."

Automated programs have been a key component of the Internet economy, albeit inhabiting a gray area of information collection. From automating port scanning, to collecting price information from e-commerce hubs, to the site indexing and scannings done by Google, bots have become the basis for many Internet firms' business models. 

Good bots do not harm the business models of those companies from which they scrape data. But bad bots are collecting information on behalf of competitors or, worse, are the vehicle for outright fraud. Criminals can use bots, for example, to test usernames and passwords, fraudulently boost product ratings, or conduct ad fraud. 

"Many companies are finally recognizing that they are under attack," says Amy DeMartine, principal analyst for application security at market research firm Forrester. "They go from not caring whatsoever to needing a solution right now. The problem is that they were under attack all along and didn't realize that until a specific incident."

There are some indications of improvement. Over the past year, humans have taken back a significant portion of Web visits, accounting for 62% of all traffic (up from 55% in 2017). The gains represent a flip flop from five years ago, when bots made up about 60% of all traffic, according to Distil's report.

Yet the sophistication of bots continues to increase. In November, for example, bot detection firm White Ops announced it had found a large-scale ad fraud operation, dubbed 3ve, powered by compromised PCs that drove billions of daily ad requests and netted between $3 million and $5 million per day. The investigation led to the arrests of three men and criminal charges against five more people.

More than 21% of all bad bots are considered sophisticated, according to Distil.

In another recent report, Internet infrastructure firm Akamai also warned of the increasing sophistication of bots and the operations behind them. The company found that bad bots are increasing trying to appear human or, at least, mask their origins by changing Internet addresses and modifying their digital fingerprints to match known-good applications.

"The complexity of attacking bots, rather than the volume, should be what concerns defenders most," says Martin McKeay, security researcher and editorial director at Akamai. "Bot development has moved from being an individual working on her own tools into a methodology that would't be unfamiliar to many teams in the DevOps world. The organizations selling bots are actively looking for developers with skills related to individual businesses and overcoming defenses by name."

The most sophisticated bots are impacting the ticketing business and healthcare, according to Distil. Nearly 28% of the bad bots scraping ticketing sites and reserving tickets are programs that use mouse movements, browser automation software, and malware-infected PCs to camouflage themselves as human traffic, according to Distil.

The existence of a great deal of sensitive personally identifiable information (PII) makes healthcare potentially lucrative, Distil's Roberts says. 

"Once you gather the PII, you can get a good profile of that person," he says. "If you are in healthcare, someone can get information on insurance and health conditions or fulfill a prescription that way. It is an area ripe for abuse."

While relatively new, it is a popular target for more advanced techniques, with 24% of bad bots considered "sophisticated," according to Distil's report.

Related Content

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35196
PUBLISHED: 2021-06-21
** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended fo...
CVE-2010-1433
PUBLISHED: 2021-06-21
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauth...
CVE-2010-1434
PUBLISHED: 2021-06-21
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulne...
CVE-2010-1435
PUBLISHED: 2021-06-21
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5...
CVE-2010-0413
PUBLISHED: 2021-06-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.