theDocumentId => 1341295 Netacea Creates Bot Management Open Source Framework

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

03:50 PM
Dark Reading
Dark Reading
Products and Releases

Netacea Creates Bot Management Open Source Framework

BLADE provides a standard approach to combatting malicious bot attacks across a broad range of industries.

Manchester, UK – 14 June 2021 – Netacea, a bot detection and mitigation specialist, unveiled today the world’s first bot management framework. The Business Logic Attack Definition Framework (BLADE) sets the stage for shared understanding and knowledge among vendors, cybersecurity professionals and customers who are proactively tackling an increasing number of malicious bot threats. Available as an open-source framework, BLADE is based on extensive input from businesses, industry influencers and Netacea’s own in-depth research into threat group activities and bot attack cycles.

“As MITRE Corporation have demonstrated with their ATT&CK matrices, having a framework to build a shared understanding of abuse of our systems can be a great enabler for defenders. As other retailers of limited-edition high demand “hype” products have also found, the use of bots poses a significant business challenge and having a structured means to develop and share understanding within the business and with partners is welcome,” said Simon Goldsmith, Team Lead for Information Security Strategy and Programmes at Adidas. “I believe contributors to the BLADE framework will see significant business benefits in sharing their knowledge. It proves a commitment to collaboration in solving an important problem and we look forward to developing and further proving its value.”

Netacea discovered that bots are comprised of separate specialised automated processes that work as one to infiltrate businesses. These bots take a modular approach to attacks and are programmed to overcome any challenge, such as CAPTCHA.

Netacea was able to detail the six stages of a scalper bot attack in the BLADE framework:

  • Resource Development (Pre-Attack) – Adversaries build or attain access to the infrastructure they will need in launching the attack (such as proxies to hide the true source of the attack).
  • Attack Preparation – Adversaries start preparing the attack by creating accounts and aggregating them under a single point of control.
  • Reconnaissance – Adversaries look for a specific item like a PS5 and the exact moment it becomes available.
  • Defence Bypass – Adversaries might be challenged by defences, such as CAPTCHA, during any of the stages of the attack. If this occurs, this module design will kick in, bypass the defence and hand control back to the bot module managing reconnaissance.
  • Attack Execution – When the item is identified as being available, the bot will automatically move on to executing the attack by purchasing the item.
  • Post Attack – After the product has been purchased, adversaries will seek to bring it into their position while bypassing any restrictions on one item per customer or address.

Once the attack stages for a scalper bot attack were confirmed, Netacea analysed the tactics, techniques and processes of other types of bot attacks and captured all automated bot threats and their lifecycles in a series of comprehensive kill chains.

“The threat landscape has been shrouded in ambiguity and misinformation for too long, and bot actors have taken advantage of it to cause significant damage which costs businesses globally,” said Matthew Gracey-McMinn, Head of Threat Research at Netacea. “Taking inspiration from the MITRE ATT&CK Framework, our ambition with BLADE is to silence the noise in the industry, provide security operation teams with a level of understanding and knowledge that has not yet been available, and empower those teams to detect and mitigate malicious bot attacks. Our goal? Help stop bots in their tracks – no matter who is doing the stopping.” 

Netacea’s research also uncovered that many organisations behind bots operate at a professional level, with consultants, help desks and highly specialised infrastructure providers accessible through covert forums. This has contributed to the easy availability of bots by bad actors from all walks of life.

Gracey-McMinn said as bot attacks grow in volume and sophistication, it’s crucial that bot defence systems mature and develop to combat the evolving threat. “Our latest survey, which will soon become available, found that on average it takes businesses three months to detect that a bot attack has occurred. This is in part due to the lack of a unified approach and shared language in the bot community and a lack of understanding around the methods and motivations behind bot attacks. The absence of methodology and framework has left the door open for threat actors to continually exploit businesses in a way that leads to reputational damage, lost revenue and skewed website analytics,” he said.

To learn more, please join an upcoming webinar during which Netacea will introduce BLADE, show how it captures automated bot threats using a series of kill chains, and explain why a bot framework will help businesses combat the bot landscape. The webinar – Introducing BLADE: Netacea's Mitre ATT&CK Style Framework for Bots – takes place on the 16th June at 16:00 (UK) / 11:00 (ET). It is hosted by Sandy Carielli, Principal Analyst serving security and risk professionals at Forrester Research, and Matthew Gracey-McMinn, Netacea’s Head of Threat Research.

About Netacea

Netacea, a bot detection and mitigation platform, takes a smarter approach to bot management and is a recognised leader for its innovative use of threat intelligence and machine learning. Netacea’s Intent Analytics™ engine analyses web and API logs in near real-time to identify and mitigate bot threats. This unique approach provides businesses with transparent, actionable threat intelligence that empowers them to make informed decisions about their traffic.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-07-26
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did no...
PUBLISHED: 2021-07-26
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS pay...
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected use...
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user...
PUBLISHED: 2021-07-26
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.