SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Bad bot evolution: AI bots challenge online security measures

Wed, 20th Nov 2024

Barracuda researchers have uncovered that bad bots are evolving to become more sophisticated and human-like, boosting their success rates in account takeovers and other automated attacks.

The findings also note a new category of AI bots, potentially termed "grey bots," that is blurring the line of legitimate activity. These bots combine advanced machine learning capabilities with more traditional automated functionality, which makes them hard to distinguish from human users.

The investigation revealed several key insights based on Barracuda web application and API analytics from September 2023 to August 2024.

Bad bots constituted 24% of overall internet traffic in 2024, down from the 39% noted in 2021. However, the proportion of individual bad bots rose to 44% of detected clients, from 36% the previous year.

Among the various bot types, 49% were identified as "advanced bots," the majority of which can mimic human behaviour and overcome standard online security barriers such as CAPTCHA and traffic rate controls. Tushar Richabadas, Principal Product Marketing Manager at Barracuda, commented, "While it is good news that the proportion of bad bots in internet traffic has declined, our deeper analysis shows that the range of bad bots has risen over the last 12 months and many of these are advanced bots."

The study categorises two other bot types as "impersonator" bots, designed to replicate human responses for malicious activities like fraud, and "violators," which have a history of participating in undesirable activities.

Richabadas further added, "Bad bots are bad news for business. They can steal data, commit fraud, exploit vulnerabilities, overload websites with traffic, spread spam, skew business analytics, disrupt services for legitimate customers, and more. We also see an emerging category of 'grey bots': AI bots designed to extract or scrape large volumes of data from websites."

The findings underscore the importance of establishing strong defences against bot attacks to protect the integrity of online services. A multilayered defence structure is recommended, which involves strong application protection security and specialised anti-bot protection strategies.

Implementing robust access controls such as multifactor authentication is crucial to safeguarding vulnerable points against brute force and credential-stuffing attacks.

Understanding the evolving threat landscape posed by bad bots is critical for organisations aiming to secure their digital assets. "Strong defences against bot attacks are more important than ever," said Richabadas, highlighting the need for vigilant protection measures.
