We know about advanced persistent threats. But what do we know about advanced persistent bots?
Advanced Persistent Bots – The New Emerging Threat
According to the latest annual report by Distil Networks, the number of bad bots has increased sensibly throughout 2015.
Bad bots are used by malicious actors for various purposes:
- Web scraping;
- Brute force attacks;
- Competitive data mining;
- Data theft;
- Account hijacking;
- Online fraud;
- Spam campaigns;
- Unauthorized vulnerability scans;
- MitM attacks;
Advanced Persistent Bots, in particular, can also mimic human behavior, load malicious JavaScript, change cookies, perform browser automation, spoof IP addresses (via HelpNet Security).
According to Distil Networks’ CEO, Rami Essaid:
The persistency aspect is that they [bots] evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, using Tor networks and peer to peer proxies to obfuscate their origins, and distributing attacks over hundreds of thousands of IP addresses.
Who is in danger of bad bot activity? Researchers warn that medium-sized websites with Alexa ranking within 10,001 to 50,000 are mostly prone to APBs. Some statistics on APB’s behavior:
- 88 percent of the total bad bot traffic has at least one feature of an APB;
- 73 percent of bad bots distribute their attacks over multiple IP addresses and of those;
- 53 percent of bad bots can JavaScript, which means that they will be counted as humans by Google Analytics and similar tools;
- 39 percent of bad bots can mimic human behavior, which will lead to lots of false negatives in web log analysis;
- 36 percent of bad bots can hide themselves via two or more user agents; the most dangerous APBs can change their identities more than 100 times.
Bad and Advanced Persistent Bots Prevention
Since bad bots distribute their attacks over thousands of different IP addresses and they often target the DNS address of the victim’s PC, one way to protect your computer is via VPN services such as oVPN. One of the most important features of the software, DNScrypt, is its ability to encrypt DNS traffic and secure package leaking. The feature also protects from MitM attacks, one of the attacks distributed by bad bots.
In addition to an appropriate VPN service, having a powerful anti-malware solution is a classical must.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: