Today’s sophisticated bots reside on compromised residential devices, enabling  fraudsters to blend in with legitimate user traffic across the web. These sophisticated  bots can mimic human keystrokes, mouse movement, and browser history. They look and  act like humans when they visit websites and commit fraud and abuse of applications  including account takeover attacks, automated account creation, and payment fraud.  Because of this, conventional approaches such as anomaly detection have proven to not  be effective in stopping sophisticated bots. All in all, ​bots are more sophisticated than ever  and look more human. ​ How do you stop them?

 It’s easy to look like a human – or even a million humans. With large-scale data breaches over the past years, it’s easy for fraudsters to acquire user  credentials from the open, deep, and dark web in order to compromise real human  accounts. This is a substantial challenge for security teams and the problem is getting  worse. In the first 9 months of 2019, there were ​nearly 8 billion records exposed​.    

More so, fraudsters are now frequently using sophisticated bots to go through the same  signup process new human users do, but they are using automation to generate millions of  accounts in a short period. By using sophisticated bots to compromise or create new  accounts, fraudsters easily blend in with real human users and do so undetected.    

Fraudsters also use sophisticated bots to impersonate human users and attack  applications. Examples include: taking advantage of flash sales, discounts, and incentive  programs. It could also mean holding reservations or tickets, and denying online inventory  to customers. Or, it could mean selling compromised or burner accounts on the dark web  to other cybercriminals.

 Dedicated Platforms are Needed to Catch Sophisticated Bots

Traditional application security tools, such as Web Application Firewalls (WAFs) and  Runtime Application Self-Protection (RASP) fall short of detecting sophisticated bots  because:   

1. They rely on rulesets​: limited rulesets in other application security tools are  designed to avoid false positives, but they often decrease the accuracy of bot  detection. 

2. They are focused on vulnerabilities:​ protecting against vulnerabilities such as  cross-site scripting, SQL injections, and more can be done by typical application  security tools. However, sophisticated bots do not exploit these types of  vulnerabilities. 

3. They depend on anomaly detection:​ though a useful technique and layer for simple  bot detection, over reliance on this is prone to failure. This is because  sophisticated bot operations mimic human patterns, and utilize residential proxies,  making anomaly detection alone ineffective.  

 Instead, ​fraud and security analysts should look for a sophisticated bot mitigation platform  that requires advanced and multilayered detection methodology which enables unmatched  accuracy — all without compromising anyone’s experience on the web.   

 ● Multiple ways of detecting bots​: A bot mitigation platform needs to go beyond  signature-based detection to also identify indicators of compromise. This allows for a  definitive answer on whether or not traffic originates from a bot or human, even if it  comes from the same device. 

● Threat intelligence: ​Technology alone may only stop attacks in isolation. Having threat  intelligence that attributes bot behavior to threat actors and groups whenever possible  enables teams to understand the “who” and “why” behind fraud operations. 

● Continuous adaptation ​– Sophisticated bots attacks continuously adjust and adapt to  detection techniques, making it necessary for teams to use a platform that constantly  updates its detection and mitigation capabilities to stay ahead of the adversary.   

White Ops is a cybersecurity company that protects enterprises across the globe—including  the largest internet platforms—against sophisticated bot attacks by verifying the humanity of  more than one trillion online interactions every week. ​Learn more about how our bot mitigation  platform can help protect you from sophisticated bot attacks. 

Mike Tery, Product Manager, White Ops