Unmasking the Bot Threat: Exploring Bad Bot Analyzer Tool, Part 2


In the previous sections of the blog, we covered the tool itself, its technical workflow, and provided a summary of the analyzed results. In this next part, we will delve into an in-depth exploration of different use cases, aiming to gain a deeper understanding of their potential outcomes and benefits.

Why Use Case-Based Analysis is Required

Use case-based analysis is essential for comprehensive bot mitigation and security. It involves examining specific contexts and challenges to understand how bad bots can pose threats. Through this analysis, organizations identify vulnerabilities, assess risks, and develop targeted security measures; they can also quantify potential risks by simulating attack scenarios. This information informs decision-making and resource allocation for bot mitigation strategies.

In summary, use case-based analysis provides technical insights for identifying vulnerabilities, assessing risks, and implementing targeted security measures. It enhances bot mitigation efforts and safeguards systems, data, and user experiences.

Use Case-Based Analysis

Price/Content Scraping Attempt:

Bad Bots are known to navigate through various sections of an application with the intention of scraping content, particularly from third-party websites. Competitors often employ these bad bots to run on web applications and extract content.

When it comes to category pages, bad bots focus on scraping important details such as product names and prices. By targeting category pages, they can gather critical information about multiple products listed within a specific section.

Moreover, bad bots delve deeper into specific products to extract vital product information, including Product ID and detailed descriptions. This scraping activity aims to gather comprehensive data about individual products.

Out of the total 18.8 million bot hits in the six-day period, 6.3 million were on category pages targeting product information. Over the course of these days, the bots aimed at 1 million unique product URLs. Interestingly, the peak in activity occurred on the 28th, with a clear motivation to capture specific details of the published products. This information helps organizations protect their product data from unauthorized extraction.

Account Takeover Attempt:

Account Takeover (ATO) is a severe threat that compromises the security of personal and corporate accounts. Fraudsters use fake user credentials to gain unauthorized access, leading to data breaches and the extraction of sensitive information like credit card numbers and personal data.

In today’s digital landscape, organizations must take preventive measures to protect themselves and minimize the impact of ATO. Analyzing over 329 thousand Bad Bot Hits on the ‘Login’ page and identifying more than 50 thousand hits from a single IP address provides insights into the origin and intent of attacks over time.

Cart Abandonment Attempt:

Cart abandonment occurs when users add products to their cart but do not complete the purchase, often resulting in stock depletion. This can negatively impact the user experience as the desired product appears to be “Out of Stock.” However, bad bots exacerbate this issue by programmatically adding products to the cart.

In the specific case of the “Cart” section, there were over 22.4 thousand instances of Bad Bot Hits, indicating a significant presence of malicious automated activity. There was a notable spike in Bad Bot activity on June 25th at 10 AM (UTC), suggesting an intensified effort by bad actors during that period. This heightened activity underscores the need for robust security measures to protect against such malicious actions and ensure a smooth and reliable shopping experience for genuine users.

Potential Carding Attempt:

Carding poses a significant web security threat where attackers obtain stolen credit card numbers and employ bots to repeatedly attempt authorization using these compromised credentials. These attacks are not limited to credit cards but also extend to gift cards and vouchers. The consequences of carding attacks can be detrimental and encompass chargeback penalties, processing fees, reputational damage, and more.

In relation to the specific “Carding” section, it is alarming that there were over 21.5 thousand instances of Bad Bot Hits. This high volume indicates a substantial presence of malicious automated activity specifically targeting the carding process. Notably, the peak of the attack occurred on June 25th at 11 AM (UTC), underscoring a concentrated and intensified effort by the attackers during that particular period.

Targeted Search Queries:

Bad bots commonly target search URLs to execute focused attacks, disrupting critical product information retrieval for specific items. Analyzing the top 15 search terms reveals the most targeted products, enabling organizations to prioritize security measures for those items and mitigate the impact of bad bot attacks.

Programmatic Attacks:

Programmatic attacks often originate from a single IP address or a subnet series, exhibiting a consistent pattern in terms of attack intervals. Bad bots are intentionally designed to generate attacks programmatically, adhering to specific time frequencies, in order to carry out malicious activities on web or mobile applications. This valuable information enables organizations to analyze attack patterns associated with IP addresses or subnet series and take preventive measures to mitigate their impact.
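As an added illustration (not code from the Bad Bot Analyzer or from Radware), the sketch below shows one way to surface this pattern from request timestamps: it groups hits by /24 subnet and flags sources whose gaps between requests are nearly constant. The sample hits, the function names and the thresholds are assumptions made for the example.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample (epoch_seconds, client_ip) pairs; not real traffic.
# 203.0.113.0/24 rotates three addresses but fires every 30 s;
# 198.51.100.7 browses with irregular gaps.
SAMPLE_HITS = (
    [(1000 + 30 * i, f"203.0.113.{10 + i % 3}") for i in range(12)]
    + [(t, "198.51.100.7") for t in (1003, 1010, 1095, 1101, 1240, 1262, 1400, 1790)]
)


def subnet_of(ip, prefix=24):
    """Collapse an address to its enclosing subnet so rotated IPs group together."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def find_programmatic_sources(hits, min_hits=8, max_cv=0.1, prefix=24):
    """Return {subnet: (mean_gap_seconds, cv)} for sources with near-constant spacing.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive hits. The thresholds are illustrative assumptions.
    """
    by_subnet = defaultdict(list)
    for ts, ip in hits:
        by_subnet[subnet_of(ip, prefix)].append(ts)

    flagged = {}
    for subnet, stamps in by_subnet.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # every hit in the same second: spacing is undefined
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            flagged[subnet] = (mean_gap, round(cv, 3))
    return flagged


if __name__ == "__main__":
    for subnet, (gap, cv) in find_programmatic_sources(SAMPLE_HITS).items():
        print(f"{subnet}: one hit every ~{gap:.0f}s (cv={cv})")
```

Grouping by subnet rather than by single address is what lets the three rotating addresses show up as one fixed-interval source.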

UTM Based Analysis:

A UTM source is a parameter appended to a URL that aids in tracking conversions and calculating the Return on Investment (ROI) of marketing efforts. It enables the tracking of the specific channel through which a request was received. By analyzing the top 5 UTM sources, organizations can gather information on the total number of requests and the percentage of Bad Bot Hits associated with each source. This analysis helps in identifying the UTM source that generates a higher proportion of Bad Bot Hits.

On the other hand, UTM campaigns are utilized to track metrics and evaluate the performance of specific digital marketing campaigns. By implementing UTM parameters, organizations can gain insights into the effectiveness of their campaigns, measure key performance indicators, and make informed decisions to optimize marketing strategies.
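The per-source breakdown described above can be computed directly from request URLs. The following is an added example, not the tool's own code: the request list, the bad-bot verdict column, the "(untagged)" bucket and the function name are assumptions, and the same function can group by `utm_campaign` instead of `utm_source`.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample: (request URL, bad_bot_verdict). The verdict column stands in
# for the classification the log analysis has already produced (an assumption).
SAMPLE_REQUESTS = [
    ("/sale?utm_source=affiliate-x&utm_campaign=june", True),
    ("/sale?utm_source=affiliate-x&utm_campaign=june", True),
    ("/sale?utm_source=Affiliate-X&utm_campaign=june", True),
    ("/sale?utm_source=affiliate-x&utm_campaign=june", False),
    ("/shoes?utm_source=google&utm_campaign=summer", False),
    ("/shoes?utm_source=google&utm_campaign=summer", True),
    ("/shoes?utm_source=google", False),
    ("/bags?utm_source=newsletter&utm_campaign=june", False),
    ("/bags?utm_source=newsletter&utm_campaign=june", False),
    ("/cart", True),
]


def utm_report(requests, param="utm_source", top_n=5):
    """Return [(value, total_requests, bad_bot_percent)] for the top_n busiest values."""
    totals, bad = Counter(), Counter()
    for url, is_bad in requests:
        values = parse_qs(urlsplit(url).query).get(param)
        # Untagged requests get their own bucket; case variants are merged.
        value = values[0].strip().lower() if values else "(untagged)"
        totals[value] += 1
        bad[value] += int(is_bad)
    return [
        (value, count, round(100 * bad[value] / count, 1))
        for value, count in totals.most_common(top_n)
    ]


if __name__ == "__main__":
    for value, count, pct in utm_report(SAMPLE_REQUESTS):
        print(f"{value:12} requests={count} bad_bot={pct}%")
```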

Conclusion

In addition to the aforementioned use cases, we thoroughly investigate other industry-specific use cases by analyzing the shared logs. The primary objective of the Bad Bot Analyzer (BBA) product is to generate highly technical and detailed reports. These reports serve a crucial purpose in helping customers comprehend the genuine necessity of implementing a comprehensive bot management solution like Radware Bot Manager. Our aim is to empower companies to make informed decisions about their security strategies based on a thorough understanding of their unique needs and potential risks.

Zaid Imam

With over 6 years in product management at Radware, Md Zaid Imam possesses extensive expertise in cybersecurity, specifically bot mitigation, and protection. Known for a dynamic approach that is both data-driven and analytical, Zaid's knowledge and experience provide a unique and informed perspective on the cybersecurity landscape. As a technical expert in the field, Zaid consistently delivers innovative solutions to address complex cybersecurity challenges. Passion for and dedication to the industry make him a reliable resource for all things related to cybersecurity.