At a time when transparency and facts are essential, an infodemic undermines the public’s trust in information. Disinformation and fake news, which drives fear and doubt among people, can easily become a weapon of influence and political bias — with far-reaching social, economic and geopolitical implications.
In this digital era, we consume information from multiple channels and are less dependent on the mainstream media. The penetration of social media in our daily lives means that information, good and bad, true and fake, spreads faster and further than ever.
Bots can serve multiple purposes in this context. According to most current reports, human bots are creating fake news, but bad bots are used to spread spam in an effort to influence search engine rankings, so fake “facts” get more exposure. We need only look at recent election campaigns in a number of countries and incorrect information circulating about the COVID-19 virus outbreak.
The most popular technique is comment spamming. Bots inject popular and often searched keywords into comments on spam and drug-selling sites to increase the visibility and ranking of the site in search results. “Coronavirus” is a highly trending Google search term. Using that term on a page can boost its page rank, a practice that is generally referred to as search engine optimization (SEO). In elections, we’ve also witnessed the use of bad bots to create fake accounts and distribute propaganda.
So how are bots doing this? By exploiting applications.
Applications Most Exploited by Bad Bots
Bots masquerade as genuine traffic by using popular browsers and devices in combination with their exploit kits to target different channels of communication such as web APIs.
Indeed, web applications are the most exploited attack surface across industries. In 2019, 35% of the total traffic were bad bots on web applications, an increase of 10% from 2018.
Automated attacks on mobile devices have also increased exponentially in recent years. The widespread adoption of mobile devices and the personal data that these devices store are two of the critical reasons behind the rise in attacks. In 2019, 15.4% of the total traffic were bad bots on mobile apps, rising from 13.4% in 2018.
The widespread adoption of internet of things (IoT) devices, emerging serverless architectures hosted in public clouds and the growing dependency on machine-to-machine communication are the reasons for changes in the modern application architecture.
APIs have emerged as the bridge to facilitate interaction between different application architectures. APIs assist in quicker integration and faster deployment of new services. Despite their rapid and widespread implementation, APIs remain poorly protected and are a vulnerable surface for automated threats.