malicious bots a growing problem

Cequence Security announced an innovative application security platform that protects against the growing number of malicious bot attacks impacting online businesses.

An estimated 31% of internet traffic is now made up of malicious bots with another 31% of traffic made up by “good” bots and 38.5% by humans according to ITLC.

Cequence Security“From a bad actor’s perspective, geo-distributed bot attacks are relatively easy to plan and execute,” said Larry Link, President and CEO of Cequence Security. “For that reason, malicious bots are becoming the new #1 attack threat facing every organization that leverages web, mobile, and API apps for business processes and customer engagement. Cequence ASP effectively empowers customers to stop these attacks.”

Wide range of malicious bots

Malicious bot attacks are growing fast, becoming increasingly complex and more challenging to protect against. The bad actors behind orchestrated bot attacks typically have financial or political motivations and use a variety of tactics including content and data scraping, spamming, hacking to steal data or inject malware, and impersonation to steal bandwidth and other website resources.

Cequence bot protectionAmong the most common types of attacks business face are:

  • Account takeovers (ATO): credential stuffing typically using stolen login credentials
  • API/business logic abuse: exploiting APIs of key applications to steal data or carry out fraudulent transactions
  • Fake account creation: fraudsters create massive numbers of fake accounts to engage in hacks ranging from simple spam to complex money laundering.

Other malicious tactics include click fraud, denial of service attacks, denial of inventory, gift card theft, aggregator abuse, and reputation abuse.

A new approach to malicious bot detection

Cequence API or business logic protectionTraditional cybersecurity companies like Distil, Cloudflare, Imperva, and Akamai provide protection for clients at the firewall but require hundreds of hours of client tech team involvement.

Cequence ASP provides a unique, deeper level of protection by combining applied artificial intelligence, machine learning, and behavioral analysis to deliver higher-level security for customers.

Cequence automatically identifies all client web, mobile, and API applications. It automatically detects metadata pinpointing the source, target, and intent of potentially malicious bot attacks.

Once an attack is detected, Cequence blocks the attack by applying multiple policy-based mitigation techniques, including blocking, deception, rate limiting, and more.

The result is more flexible deployment, easy integration of the Cequence API, and faster, simpler deployment, thanks to the platform’s zero-touch application configuration and CQAI automated analytics.

Cequence case study

malicious bots a growing problemCequence CMO Franklyn Jones highlighted a recent client malicious bot attack and response.

“During a recent holiday weekend, one of our customers, an F500 retailer with a strong online presence, was targeted with a massive bot attack using millions of login credentials (username/password combinations) stolen from an earlier, unrelated data breach,” Jones said.

Hackers were testing to see if these credentials would also work on our customer’s login pages. Typically, 10% of these attempts are successful because humans tend to re-use the same username/password combination according to Jones.

“The attackers waited until a holiday weekend because they correctly assumed that much of the security staff would be enjoying the holiday outside the office. During that period, the massive attack accounted for more than 90% of all traffic on our customer’s website,” he added.

The Cequence ASP platform deployed, automatically detecting and blocking the massive attack before it had a chance to do damage to the business. After the attack ended, the retailer CIO said, “A successful attack would have brought our business to its knees. The Cequence solution literally paid for itself that weekend.”

You can learn more from the Cequence news release or at www.cequence.ai.