Say what you want about bots, but you have to admire their versatility.
Bots do everything from ranking Google results and serving up cat photos on your Facebook feed to swaying elections and defrauding retailers. Basically, they’re quite flexible.
These days, bad bots are big business, with cybercriminals around the world using them to fraudulently access accounts, attack networks, and steal data. As bots continue to increase in sophistication, IT teams find it harder and harder to tell the bad bots from the good, or even from human users.
As a result, bots are a blind spot in many cybersecurity strategies that most IT teams aren’t ready to address.
What Is a Bot?
A bot is a software program that performs an automated task. These tasks are usually repetitive and run without interaction. Bots make up over 42% of all internet traffic, with bad bots accounting for 30% of all internet activity.
Many bots are useful, like search engine bots that crawl websites to index content. However, in the hands of cybercriminals, bots can be a powerful tool to break into accounts, scrape private information, spread disinformation, infect networks with malware, or carry out attacks.
A computer with a bot infection can spread the bot to other devices and, in turn, create a botnet. This network of bot-compromised machines can then be controlled and used to launch massive attacks by hackers, often with the owner of the device completely unaware it is being used as a part of the attack.
What Threats Do Bots Pose?
Unlike many types of cyberthreats, bots can be difficult to defend against. Because there are both good bots and bad bots, it can be hard for your cybersecurity defenses to differentiate between them.
In addition, bots have become more sophisticated in their behavior. For example, advanced persistent bots (APBs) can do things like cycle through random IP addresses, switch identities, and mimic human behavior by simulating mouse events to appear as a legitimate user. Because bots are such a fundamental tool in hackers’ toolboxes, bots constantly evolve to overcome new cybersecurity defenses and tactics.
As a result, IT teams are often far behind bot operators in terms of security sophistication.
While bots have been around for decades, recent attacks have placed them firmly in the public consciousness. Russian-linked bots were used to spread disinformation across social media during the 2016 US presidential election, with more than 10 million suspicious tweets and two million GIFs, videos, and Periscope broadcasts sent by troll accounts. In 2018, bots were used to launch a distributed denial of service (DDoS) attack that brought down the internet for most of the East Coast.
Bots Take Over Ticketmaster
A recent headline-making example of bots causing problems was the Taylor Swift “Eras” tour ticket release in November 2022. For months it wasn’t known what caused the site to crash repeatedly, why fans could not get tickets to the highly anticipated tour, or why Ticketmaster canceled the general ticket sale with little warning or explanation.
Now, it appears, at least according to Ticketmaster and Live Nation, that bots are behind the meltdown. In a recent congressional hearing about the company’s potential monopoly over the ticketing market and the mishandling of the Taylor Swift tour, the president of Live Nation blamed bots.
“While the bots failed to penetrate our systems or acquire any tickets, the attack required us to slow down and even pause our sales; this is what led to a terrible customer experience,” Joe Berchtold, president and chief financial officer of Live Nation Entertainment, stated at the hearing. “We need to recognize how industrial scalpers breaking the law using bots and cyberattacks to try to unfairly gain tickets contributes to an awful consumer experience.”
While the hearing went beyond bots, with some expressing doubt that bots were the only reason Swifties were denied the opportunity to attend Taylor’s tour, the statement highlights how bots can wreak havoc on a large scale, with little warning.
How to Prevent Bots
When it’s time to secure your organization against the rising menace of bots, there are a few things you can do to keep malicious bots out of your network and prevent your devices and bandwidth from being used in a criminal botnet attack.
As you should already be doing, enforce strong endpoint security practices and keep your software and hardware up to date with all the latest patches.
You can also proactively prevent some bot traffic by blocking known bot hosting providers and proxy services. Keep in mind that bots can attack any endpoint, not just computers, so you want to make sure you also protect access points to things like IoT sensors, mobile apps, and APIs.
In addition, train users to help them avoid bot infections through standard security practices, and strongly advise them not to click on or open suspicious emails, attachments, or links.
Should bots make it through your defenses, they can usually be discovered if you monitor your traffic sources for unusual activity, traffic spikes, junk conversions, or anomalous failed login attempts. Remember, however, bots are an ever-evolving threat—so what worked today might not be enough come tomorrow.
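The monitoring described above can be sketched as a small log analysis. This is an added example, not code from the original article; the log format, the `/login` path, the thresholds, and the sample traffic (documentation-range IP addresses) are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Assumed log format: ip [timestamp] "METHOD path protocol" status
LINE_RE = re.compile(r'(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def build_sample():
    """Constructed log: steady browsing, then one source hammering /login."""
    lines = []
    for minute in range(5):  # baseline: 3 page views per minute from one user
        for sec in (5, 25, 45):
            lines.append(f'198.51.100.7 [12/Mar/2024:10:{minute:02d}:{sec:02d}] '
                         '"GET /products HTTP/1.1" 200')
    for sec in range(0, 40, 2):  # 20 failed logins inside minute 10:03
        lines.append(f'203.0.113.9 [12/Mar/2024:10:03:{sec:02d}] '
                     '"POST /login HTTP/1.1" 401')
    return lines

def analyze(lines, max_failed_logins=5, spike_factor=3):
    """Flag sources with too many failed logins per minute, and minutes
    whose request volume exceeds spike_factor times the median minute."""
    failed = Counter()      # (ip, minute) -> failed login count
    per_minute = Counter()  # minute -> total request count
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, ts, method, path, status = m.groups()
        minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S").strftime("%H:%M")
        per_minute[minute] += 1
        if method == "POST" and path == "/login" and status in ("401", "403"):
            failed[(ip, minute)] += 1
    if not per_minute:
        return {"failed_login_sources": [], "spike_minutes": []}
    baseline = median(per_minute.values())
    return {
        "failed_login_sources": sorted(
            {ip for (ip, _), n in failed.items() if n > max_failed_logins}),
        "spike_minutes": sorted(
            m for m, n in per_minute.items() if n > spike_factor * baseline),
    }

if __name__ == "__main__":
    print(analyze(build_sample()))
```

Fixed thresholds like these catch only noisy automation; sources that rotate IP addresses, as described earlier, need the same counts keyed on account name or session attributes as well.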
Fight Back with Security Operations
Arctic Wolf® Managed Detection and Response (MDR) provides comprehensive, 24×7 monitoring of your network, along with ongoing vulnerability assessments and threat analysis to help you reduce your risk and stay ahead of threats. Our Concierge Security® Team can tell bad bots from good, and help you effectively respond to incidents and improve your overall security posture.