Cloud Security, Application security, DevSecOps, Threat Management

‘Solver Bots’ let threat actors bypass the majority of bot management systems

“Solver Bots,” API-as-a-service tools, allow bad actors to bypass the majority of bot management systems, according to research released Friday. Pictured: Cyber Monday sales are displayed on laptop computers on Nov. 29, 2010. (Photo Illustration by Justin Sullivan/Getty Images)

Kasada on Friday reported on a new type of bot — Solver Services — API-as-a-Service tools created by bad actors to bypass the majority of bot management systems.

These “Solver Bots” are giving security teams concern because by “solving” a bot detection system’s defenses, cybercriminals can now commercialize the solver services they deciphered and sell it at scale for a profit. Threat actors with little or no technical skills can now conduct automated bot attacks without having to worry about what bot defenses a site may have in place.

Kasada reports that in the last 12 months, there’s been more than a 750% increase in Solver Bots used for log-in abuse/account takeover within e-commerce. Some 12 months ago, less than 10% of e-commerce bad bot traffic were solver bots. Now, Solver Bots make up more than 95% of e-commerce bot traffic.

“For digital businesses built on cloud-native environments, it’s critical to protect against malicious automation as the majority of internet traffic are bots, not humans,” said Sam Crowther, founder and CEO at Kasada. “Not only do bad bots pose a major cybersecurity risk, but they also add greatly to cloud infrastructure expenditures and degrade the user experience with slow performance. The emergence of new solver services only makes matters worse until their supply chain is disrupted, which is what Kasada’s new platform upgrade is all about.”

Elad Koren, chief product officer at Salt Security, said the evolution of the bots and botnets ecosystem does not represent a new phenomenon — the industry has seen it in the past in other fraud industries. However, Koren said the ubiquity of cloud and API usage, plus the acceleration of attacks, add urgency to the matter. Koren said much like the trojans, malware, and mules in the late 2000s that impacted online banking, solver services and other API-as-a-Service solutions for mainstream botnets have help commoditize this “business.”

“In hype-sales and other highly motivated bot attacks, there’s a real ROI to be gained and a tangible benefit to the work in attacking websites and apps,” Koren said. “It’s becoming apparent that attackers who once had to jump through hoops to make their basic bots go through and buy those AirJordan1 pairs of shoes to sell in the secondary market can now simply use a paid service to get a stream of tokens to go through and bypass an existing solution.”

Giora Engel, co-founder and CEO at Neosec, said APIs are increasingly under attack because the adoption has exponentially grown and they are largely unprotected. Bot solutions focus on protecting the website or mobile app, but securing B2B APIs represents a blind spot for most organizations.

“Every company that exposes APIs opens up their core systems to the outside,” Engel said. “APIs are the connective tissues that link businesses, extending through cloud connections and different applications in the cloud. This traffic must be protected just as much as the sensitive data the cloud possesses.”

Scott Gerlach, co-founder and CSO at StackHawk, said with the continued move to the cloud, and the distribution of workloads, new attack vectors are popping up daily. Gerlach said keeping critical customer data and high-value products protected requires first finding vulnerabilities in APIs before they are pushed into the world.

“When obvious and exploitable vulnerabilities are remediated, bad actors will seek to exploit valid functions,” Gerlach said. “Protecting APIs requires secure design, fixing security issues before production, and using functionality to make sure valid functions aren’t being manipulated.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.