Have automated tools found favor with web application attackers?


Attackers are increasing the use of automation in fake bots, application DDoS, and injection attacks

CISOs point out that most cybercriminals attacking Web applications have become more dependent on automated tools. These tools are increasingly used for fuzzing attacks, injection attacks, fake bots, application DDoS, and blocked bots.

Automated attacks depend on bots to exploit vulnerabilities in a Web application, and specific groups of attackers leverage them. The larger share of traffic comes from malicious attackers who don’t focus on specific websites but launch automated attacks at scale. A smaller group uses automated tools to focus on e-commerce websites and other sites for profit.

Such threats can take the form of fake bots posing as Google bots to escape detection, or application DDoS attacks that overload a Web app and crash the website. The majority of the attack traffic comes from reconnaissance or fuzzing tools, which are used to probe apps for bugs.

Attackers have traditionally used fuzzing to test an application and identify its bounds, then used the results to try to break it.

Security leaders point out that an attacker may send a large range of parameters in the URL to observe how an application reacts. The app may throw an error and show a page from which the attacker can learn that it uses a SQL database. Knowing this, the attacker will try a SQL injection attack and check whether the app fails to sanitize the input properly, which could give them access to the database.

The first step of an attack is typically a fuzzing attack. With the insights gained from fuzzing, a malicious attacker can work out how to proceed. Researchers analyzing attacks against JSON APIs said that such attacks were fuzzing the APIs to understand their boundary conditions.
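The parameter probing described above leaves a recognizable trace in access logs: one client sending many different parameter names and triggering a high share of server errors. The following is an added example, not taken from the article or its sources, that flags such clients; the log lines are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "GET /item?id=2&page=2 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET /search?q=shoes HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:10 +0000] "GET /item?id=1&debug=1 HTTP/1.1" 200 512 "-" "tool/1.0"
203.0.113.9 - - [10/Mar/2024:10:00:10 +0000] "GET /item?id=&admin=1 HTTP/1.1" 500 120 "-" "tool/1.0"
203.0.113.9 - - [10/Mar/2024:10:00:11 +0000] "GET /item?sort=x&lang=zz HTTP/1.1" 500 120 "-" "tool/1.0"
203.0.113.9 - - [10/Mar/2024:10:00:11 +0000] "GET /item?file=a&test=1 HTTP/1.1" 404 80 "-" "tool/1.0"
203.0.113.9 - - [10/Mar/2024:10:00:12 +0000] "GET /item?id=999999999999 HTTP/1.1" 500 120 "-" "tool/1.0"
203.0.113.9 - - [10/Mar/2024:10:00:12 +0000] "GET /item?cat=x&view=y HTTP/1.1" 500 120 "-" "tool/1.0"
"""

# client IP, request target and status code from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*" (\d{3}) ')

def summarize(log_text):
    """Per client IP: distinct query parameter names, request count, 5xx count."""
    stats = defaultdict(lambda: {"params": set(), "requests": 0, "errors": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, target, status = m.groups()
        s = stats[ip]
        s["requests"] += 1
        s["errors"] += status.startswith("5")  # server errors only
        # keep_blank_values so that probes such as "id=" are still counted
        for name, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            s["params"].add(name)
    return stats

def flag_fuzzers(log_text, max_params=5, max_error_ratio=0.5):
    """Return {ip: (distinct_params, error_ratio)} for clients over either
    threshold. Both thresholds are assumed values; tune them per application."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        ratio = s["errors"] / s["requests"]
        if len(s["params"]) > max_params or ratio > max_error_ratio:
            flagged[ip] = (len(s["params"]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(flag_fuzzers(SAMPLE_LOG))
```

In practice the same counters would be computed over a sliding time window, and a flagged client would be rate-limited or challenged rather than only reported.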

Injection attacks are the second most common type of automated attack and are a classic, well-known Web application threat. The majority of the attackers used automated tools to try to get into apps. According to organizations, most of these attacks were “script kiddie-level noise.” This kind of “noise” constitutes the biggest volume of attack traffic.

However, the majority of attackers are lesser-skilled individuals who have just started out. Such attackers gradually learn how attacks work; as they continue in the field, they become more specialized and either focus on bounty hunting through white-hat cybersecurity jobs or go in the opposite direction, pursuing cybercrime and building attack tools themselves.

Enterprises are getting better at defending themselves against fake bots, the third most common type of automated attack. Such attacks have become even more prevalent in the last year.

People are slowly waking up to issues caused by bots. The majority of organizations have started to invest in bot management solutions. The attackers who use fake bots are most likely targeting data from a specific website but don’t wish to be identified or stopped and hence act like a bot.