Fraud keeps increasing in sophistication, often carried out by organized gangs of cybercriminals. As threat actors relentlessly change techniques to bypass security defenses, IT security teams find themselves constantly on the defense—pushing their already-strained resources to the brink.
Whether it’s lost transactions, customer departures, diminished revenue, or an ill-informed company forced to make less-than-optimal business decisions, each of these scenarios is the result of the situations that organizations routinely encounter when bots attack:
All too often, IT efforts to prevent these attacks fall short, resulting in disruptions to operations, a poor customer experience, and adverse effects on the company’s bottom line.
To better connect the technical activities to real life, let’s look at the bot challenges from a use-case perspective. Fraud caused by bot attacks can impact different industry sectors in a variety of ways.
Online retail and e-commerce businesses are regular targets of malicious bot attacks. These include inventory hoarding (aka “Grinch bots”), gift card fraud, denial of inventory, scalping, scraping, credential stuffing, and Layer 7 DDoS attacks—to name a few. It’s pretty simple: retailers can’t sustain their business when goods and services can’t be sold to the right customers, for the correct prices, at the right times.
Increased digitalization in the medical field has created a larger attack surface for malicious actors. Imperva Research Labs research data recently revealed a 372 percent spike in bad bot traffic against healthcare sites. At the same time, the percentage of legitimate human traffic on healthcare websites decreased. Simultaneously, the rate of bad bot traffic on healthcare sites increased from 18.9% to 26.8%. This dangerous dichotomous trend can’t be maintained for extended periods—not by any industry sector, especially healthcare.
Hospitals and medical insurance companies, laboratories, healthcare providers, and pharmaceutical companies all store sensitive medical information. And they continue to operate at elevated risk as targets for bot-driven cyberattacks. Unfortunately, disruptions to healthcare services extend beyond keeping medical systems online and could incur regulatory penalties, reduce the provider’s ability to deliver healthcare services, and even put people’s lives at risk.
As the Telco industry has rapidly adopted 5G, edge computing, and IoT technologies, this sector finds itself among the industries that experienced the most significant spike in DDoS attacks in 2020, seeing a 210% increase over 2019 with Telecoms and ISPs hardest hit by bad bots at 45.7%.
Many Telcos now adopt network function virtualization to move networks away from physical appliances and run them in software on CPUs. This shift makes way for increased vulnerability, such as the high traffic volume loads in a DDoS attack.
Credential stuffing and other automated attacks against web and mobile apps, APIs, and OFX (Open Financial Exchange) files lead to account takeovers and new account creation fraud, which drive material fraud losses. Large-scale credential stuffing attacks can also contribute to site performance issues and even site outages.
By default, unmanaged third-party fintech apps are user-enabled to log into financial institution apps as if they are actual users. Without proper visibility, management, and controls, these tools can create unnecessary application loads. Cybercriminals also use them as an attack vector to disguise credential stuffing.
Manual fraud, where fraudsters emulate real users, take over accounts or create new fake accounts. Human-powered attacks often focus on high-value targets, with hackers turning to manual account takeovers when automation fails.
Regardless of the business sector, dealing with bots is a challenge that must be addressed through collaboration. We’ve written about this in a previous post where we note the need to move away from centralized security in modern, virtualized, app-driven environments.
As recommended by Forrester, “A holistic defense against bots requires all affected parties to work together. The e-commerce team must share their requirements around customer experience amid a bot defense, and they should make the security team aware of upcoming events that could lead to an increase in bot traffic.”
This comment reflects how organizations must recognize each impacted party’s role in understanding and respond to the risks brought on by malicious bots. As another example, security and application development teams must work together to adapt to attackers that retool adversarial methods to bypass countermeasures without introducing protection measures that create friction and frustrate users (customers).
It’s also essential to leverage partner relationships to move the conversation and action up the organization to the C-level executive suite. That’s where there are more upsell and cross-sell opportunities. It’s easier to tie into an existing modernization project's budget rather than push for additional commitments for a single solution. We touch on this point in more detail in a previous post as we suggest looking outward as a meaningful way to create an effective fraud ecosystem.
Accepting fraud shouldn’t be the default stance. Delaying application launches to account for after-the-fact security due diligence doesn’t make good business sense either. Instead, look to shift security left in the development process and move to secure cloud platforms such as Google Cloud to modernize AppDev, improve uptime, and speed time to market for secure, adaptive apps.
This approach is vital because modern application architectures have expanded the threat surface while automation has increased attacker effectiveness in exploiting threats found in the OWASP Top 10. Fraudsters are leveraging the exposure and automation; automated threats require automated defenses.
Google Cloud is a more flexible, secure cloud provider that embraces open source, making it the best platform to migrate infrastructure and modernize applications. It’s also the most multi-cloud friendly and provides pioneering capabilities around Kubernetes as well as big data and analytics. Google Cloud has always prioritized security; the platform’s strong security and cutting-edge encryption allow companies to safely store and analyze sensitive personal identifiable information.
F5 bot protection, designed to leverage Google Cloud innovation including BigQuery data analytics platform, TensorFlow machine learning platform, Google Cloud Dataflow and Pub/Sub data processing pipelines, helps take on threat challenges by delivering proactive, multi-layered security that blocks and drops bad bot traffic before it can hit your network. This mitigates bots looking to perform account takeovers, vulnerability reconnaissance, and denial-of-service attacks targeting your network and application layers. F5 bot protection also helps reduce the overhead your network must endure as it attempts to handle the additional traffic.
Shifting left and automating responses with pre-canned actions doesn’t go far enough. It’s unacceptable to settle for bot management that fails to deter cybercriminals or frustrates customers with jumps, hoops, and hurdles that ultimately lead to transaction abandonment and lost revenue. Instead, security must adapt to attackers that retool to bypass countermeasures—without frustrating users.
With F5 bot protection, you can dynamically react as apps and attackers adapt to the operating requirements and threat activities. Our solution dramatically improves business outcomes by slashing fraud losses and providing better customer experiences while maximizing operational efficiencies and business intelligence. We are uniquely positioned to take apps from the core code in the cloud through to customers—with a single solution set that covers four pillars:
The proliferation of architectures, cloud, and third-party integrations has dramatically increased the threat surface. Major application vulnerabilities are released daily, and attackers quickly weaponize them in automation frameworks to find and exploit them for monetary gain.
Effective application security is automated and integrated. Automation improves effectiveness by launching and stabilizing security controls earlier in the development lifecycle. This leads to higher effectiveness with less manual effort. Integration also reduces strain on security resources.
Organizations need consistent and automated security to effectively manage the growing complexity of securing applications across architectures, clouds, and developer frameworks—all at the speed of application development.
The most battle-tested AI/ML engine collects proprietary signals that can’t be faked and classifies them by learning from over two billion attacks per day. This results in comprehensive, advanced mitigation that protects the network from being overrun by harmful traffic while ensuring legitimate traffic and the resulting transactions continue without delay.
To get ahead of the bot challenges your network—and your business—are facing, take a moment to learn more at our F5 and Google Cloud Platform (GCP) page.
1 Source: Forrester, “State of Online Fraud And Bot Management,” Jan 2021, commissioned by Google