Botnet attacks are increasingly being used to target applications for illegal and unethical objectives, but bot detection tools and best practices are still lacking.
Changes to modern application architectures are being driven by the broad usage of mobile and IoT devices, new ‘serverless’ designs hosted in public clouds, and the rising reliance on machine-to-machine communication.
Threat actors have been quick to exploit this newly exposed attack surface as enterprises shift applications to the cloud and expose functionality through application programming interfaces (APIs). They can drastically improve the reach and efficacy of their attacks by deploying botnets. Security, like many other new technologies, is falling behind.
The issue is that businesses must be strategic about how they spend security funds. Tools and abilities are in high demand and becoming increasingly costly. Similarly, because it’s a lucrative crime location, the threat landscape is expanding.
Botnet attacks on APIs
According to a report released earlier this year by security firm Radware and Osterman Research, 98 percent of enterprises would see attacks against their applications in 2020, with 82 percent reporting bot attacks. The most prevalent bot attacks include denial of service (DoS), which 86 percent of companies have encountered, web scraping, which 84 percent have seen, and 75 percent that reported account takeover.
The situation is deteriorating. The destructive potential of botnets has drastically increased as they leverage IoT devices, which are expected to reach 80 billion by 2025, according to a March report from the Council to Secure the Digital Economy (CSDE), trade group USTelecom and the Consumer Technology Association. APIs are a tempting target because they let businesses to make back-end data and functionality available to trustworthy partners, consumers, and the general public. API gateways are recommended by the CSDE to help protect against botnets.
Worse, the bots are becoming more sophisticated. The majority of malicious bot traffic last year was from sophisticated bots, which are more difficult to detect and block. These are the bots that are responsible for API abuse, misuse, and attacks at rapid speeds. As the number of APIs increases year after year, bad actors will have more opportunities to access sensitive data.
Critical steps for stopping API botnet attacks
Traditional strategies for preventing web attacks are insufficient for preventing API attacks in real time. Static methods include rate limiting API calls, restricting requests from unknown protocols, and checking for attack signatures used by Web Application Firewalls (WAFs). WAFs are unable to analyze dynamic real-time signals and behaviors. As a result, WAFs frequently block legitimate traffic while allowing malicious traffic to pass through. WAFs and traditional signature-based detection systems are easily evaded by newer API bots.
To defeat API bots, enterprises need a new defensive strategy based on complex behavior modeling, machine learning, and a continuous real-time feedback loop.
Build the models by collecting signals
To detect API bot actions in real time, the first step is to collect network, behavioral, and other fingerprints from normal users as a baseline. To determine whether a call is coming from a good bot rather than a malicious bot, these signals should be paired with internal and external reputation feeds.
Finally, application-specific feedback loops should be included. All of this information can be combined to create reliable models of what constitutes good, bad, and unknown API traffic. To block dynamic and continually evolving API attacks, these models should be adaptable and have the capacity to incorporate data in real-time.
Process API request signals to detect bots
By continuously evaluating the signals emitted by each API request, the model can detect fraudulent API bots. Behavioral analytics advanced machine learning built to respond at web scale and in real time is required. Each API request will be assigned a risk score based on the detection model’s constant comparison of behaviors and signals to those of real user signals. This enables website and application operators, as well as security teams, to detect anomalies and create a precise confidence interval for API calls.
Quickly mitigate bad bots
When the system detects a malicious request with a high confidence interval, it should block the request before it accesses the API and collects any data. To avoid making real users wait, this decision must be made in milliseconds.
Learn and update constantly
To make this strategy work, enterprises need to keep updating their models of what bad API behaviour looks like. This is the only method to increase bot identification and accuracy on a continuous basis. Only dynamic models that ingest data in real time and alter the model to take each new result into account can achieve this.
For more such updates follow us on Google News ITsecuritywire News.