Can you tell the difference between a human and a bot online? While it sounds easy enough, technological advancements in artificial intelligence (AI), machine learning (ML), and natural language processing (NLP) are making this task increasingly complex.
Oren Graiver
Oren is a senior innovation manager at Imperva responsible for incubating new ideas and innovations. For more than 15 years, he’s designed cybersecurity products that solve complex customer challenges. Oren helped build and grow products for technology companies across the globe as a product manager at Mavenir (formerly Comverse Technology, Inc.), Checkmarx, Check Point Software Technologies Ltd., and as a co-founder and chief product officer at Proximo Tech.
I analyze and research cybersecurity trends to predict and protect some of the world’s largest brands from sophisticated threats. Over the course of my career, I’ve seen a shift with more attacks carried out by bad bots — software applications that are programmed and controlled by bot operators to perform automated tasks with malicious intent.
Research from Imperva found that bad bots accounted for over a quarter of all internet traffic in 2021. They are used by a wide range of malicious operators including competitors who scrape websites for proprietary information and prices, scalpers who purchase entire inventories of limited-edition items, attackers looking to obtain sensitive data and more.
Most of these bad bots mask themselves by attempting to interact with applications similar to a legitimate user. In fact, increasingly sophisticated bots have the ability to mimic human behavior by cycling through random IPs, entering through anonymous proxies and changing identities.
Unfortunately, that means detecting malicious bad bot activity that abuses APIs and application business logic will get harder until defenses are equipped to identify these sophisticated threats.
How Bots Are Becoming More ‘Human’
Not all bots are bad, and there are many examples of good bots that provide beneficial services. Chatbots, for example, are ubiquitous and appear on nearly every type of website to assist with consumer-facing roles such as sales, customer service and relationship management.
Powered by advanced AI, many chatbots now recognize psychological, behavioral and social patterns to provide the end user with a more humanlike experience. Further, natural language processing, a machine learning technology that helps bots understand text, data and social patterns, enables automation to respond with adapted semantics so it conveys realistic human behavior.
3 Ways Bad Bots Are Committing Fraud
While innovations in ML, AI, and NLP benefit our daily lives, bad bot operators could exploit these innovations for malicious purposes. Some examples include:
Pretexting
Pretexting is a type of social engineering technique that manipulates victims into divulging personal information. A bot operator could use NLP to train a bad bot to adapt to the social and behavioral patterns of a target to impersonate them and assume their identity.
The bot operator could then use the bad bot to communicate with the target’s friends or coworkers via email, social media or text to obtain sensitive information that could be used for other more nefarious attacks such as account takeover, identity theft or data leakage.
Distributed Denial of Service (DDoS)
In a DDoS attack, bad actors attempt to make a server or network resource unavailable to users.
Malicious operators looking to disrupt a business’s operations or knock it offline can train an army of bad bots with NLP to learn the language patterns of a business’s customers. This army of bots could then be used to flood an organization’s social media with complaints, overwhelm customer service phone lines or chat services, or slow down website performance leading to downtime.
Account Creation
In this type of online fraud, bad actors use bots to automate account creation to spam messages, amplify propaganda or abuse promotions.
Using NLP, bad actors can masquerade as legitimate user accounts to sabotage a brand or its competitors.
Protecting Applications and APIs from Humanlike Bots
Recognizing the difference between good and bad bots is essential in a bot prevention solution, but that job is becoming more challenging as bad bot behaviors mirror sophisticated human actions.
It is reasonable to predict that bad actors will continue to find new ways to use sophisticated NLP technologies to turn a profit and cause disruption. In the near future, we’ll see more bad bots interacting with humans to gain their trust — adapting to the language, social and behavior patterns of their targets.
For organizations, this will require a shift in defenses and for applications and APIs to be developed with bots in mind. Some proactive steps organizations can take to manage bot traffic include:
- Implement CAPTCHA technology for traffic that comes from outdated browser versions.
- Block IPs hosted on providers and proxy services such as Host Europe GMBH, Dedibox SAS, Digital Ocean, OVH SAS and Choopa, and LLC.
- Review web traffic data for unexpected traffic spikes or increases in failed login attempts, as those could be signs of bad bot traffic.
- Understand the ways your site can become a target. Does your site have credit card forms, pricing information or exposed APIs? Those are all website functionalities that can be exploited by automated attacks.
In taking these proactive steps, organizations are well on their way to creating a successful bad bot management strategy that protects the customer experience, their brand reputation and the business’s bottom line.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Checkmarx.
Feature image via Pixabay.
Malicious Bots Hide Using NLP and AI – The New Stack & Latest News Update
Malicious Bots Hide Using NLP and AI – The New Stack & More Live News
All this news that I have made and shared for you people, you will like it very much and in it we keep bringing topics for you people like every time so that you keep getting news information like trending topics and you It is our goal to be able to get
all kinds of news without going through us so that we can reach you the latest and best news for free so that you can move ahead further by getting the information of that news together with you. Later on, we will continue
to give information about more today world news update types of latest news through posts on our website so that you always keep moving forward in that news and whatever kind of information will be there, it will definitely be conveyed to you people.
Malicious Bots Hide Using NLP and AI – The New Stack & More News Today
All this news that I have brought up to you or will be the most different and best news that you people are not going to get anywhere, along with the information Trending News, Breaking News, Health News, Science News, Sports News, Entertainment News, Technology News, Business News, World News of this made available to all of you so that you are always connected with the news, stay ahead in the matter and keep getting today news all types of news for free till today so that you can get the news by getting it. Always take two steps forward
Credit Goes To News Website – This Original Content Owner News Website . This Is Not My Content So If You Want To Read Original Content You Can Follow Below Links