Let’s talk bots.

What to do when you don’t know what you’re doing

Calamedes
Aug 8, 2021

What is a bot?

Robots are, at their core, software programs that perform pre-defined tasks that are usually repetitive and automated. They take the grunt work out of our day and allow us to concentrate on things that humans tend to be better at: judgement and motor skills.

Their modern form as “bots” makes modern life possible. They can talk to potential new customers on your website, clean up data in a database, and scan virtually everything exposed to the internet for keywords to give you tailored information.

However, there is a more shadowy side to them. Microsoft noted recently that “roughly 20% of all Internet traffic comes from bad bots”. This bad traffic comes in the form of active vulnerability scanning, automated shopping, and a slew of other activity that can degrade the human experience on the internet.

How do they cause damage?

As bots can do things more quickly and more repetitively than humans can, they allow for certain kinds of attacks and can be used to gain an unfair advantage in many areas of life.

For example, the gaming industry is full of bots and trainers that assist gamers in overcoming challenges. Bots that help gamers aim their guns (aimbots) in first-person shooters such as Counter-Strike and Halo have been plaguing the industry since its inception. Video game designers and platforms such as Valve and Blizzard have spent millions designing anti-cheat mechanisms to counter the effects of bots in their games in order to offer a continued level playing field.

Also, imagine the stock market. It is designed in a way that the faster one can react to changes, the more potential profit can be made. These days people no longer call their broker to initiate trades, but rather rely on bots to sense changes in the markets and react accordingly. These are the same kinds of bots that purchase concert tickets the second they’re available, ensuring that real customers do not have the chance to purchase them.

The most classic example is spam. Sending hundreds, if not thousands, of emails at a time is not humanly possible; with a simple script, however, it is “botically possible”. Spam phishing is the most common social engineering technique in the modern era of computing, and it allowed the propagation of malware (viruses, trojans, etc.) to reach new potential.

Locky was a trojan released in 2016 that encrypted one’s fixed drive, removable drives, network, and RAM disk drives and demanded payment to decrypt them. It spread as a spam email with an “invoice” that demanded payment and included an attached Word document with a malicious macro that downloaded the virus to the device. As the bot-enabled spam technique allowed for a very wide reach, the chance of even one success (and thus a payout) was very high.

Perhaps the simplest, yet more technical, example is a Denial of Service attack (and its big brother, the Distributed Denial of Service attack), where an endpoint (or many) initiates TCP connection requests in rapid succession. As computers are limited in a number of ways, a device can handle only a certain number of incoming requests. Being bombarded with connection requests overloads the device’s memory, which causes it to crash: hence the “denial of service” description.

How can we protect against them?

There are a few ways that an organization can protect against bots and other forms of computerized fraud. Generally speaking, as bots are made to automate mass activity, protection is all about identifying mass communication.

On the simple network level, one can implement firewall protection. It’s simply a matter of blocking incoming connections by count. If the device receives more than a certain number of requests from a single source, it can write itself a rule to automatically drop further requests from that source. This is limited, however, if the device is bombarded by a number of sources: this is the DDoS attack, which is more complicated to protect against.
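To make the count-based rule and its limit concrete, here is an added sketch (not code from the original post) of a per-source connection counter that writes its own drop rule, replayed over constructed traffic. The window, the threshold, the class and function names, and the documentation-range IP addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # assumed sliding window
MAX_CONNECTIONS = 20   # assumed per-source limit inside one window


class ConnectionLimiter:
    """Counts connections per source and blocks a source that exceeds the limit."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_CONNECTIONS):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)  # source IP -> timestamps still in the window
        self.blocked = set()              # the self-written "drop" rules

    def allow(self, src, ts):
        """Return True if a connection from src at time ts is accepted."""
        if src in self.blocked:
            return False                  # an existing rule drops it
        seen = self.recent[src]
        while seen and ts - seen[0] >= self.window:
            seen.popleft()                # forget connections older than the window
        seen.append(ts)
        if len(seen) > self.limit:
            self.blocked.add(src)         # write the rule for this source
            del self.recent[src]
            return False
        return True


def replay(events, **settings):
    """Feed (timestamp, source) events to a fresh limiter; return (accepted, blocked)."""
    firewall = ConnectionLimiter(**settings)
    accepted = sum(firewall.allow(src, ts) for ts, src in events)
    return accepted, firewall.blocked


def single_source_flood(count=500):
    """Constructed traffic: one source opening a connection every 10 ms."""
    return [(i * 0.01, "198.51.100.7") for i in range(count)]


def distributed_flood(count=500, sources=100):
    """Constructed traffic: the same volume spread evenly over many sources."""
    return [(i * 0.01, f"203.0.113.{i % sources}") for i in range(count)]


if __name__ == "__main__":
    print("single source:", replay(single_source_flood()))
    print("distributed:  ", replay(distributed_flood()))
```

The single source is cut off after its first 20 connections, while the distributed run delivers all 500 because each source opens only five, which is why a per-source count alone does not stop a DDoS.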

For more advanced solutions, there are a number of paid services such as Reblaze and Barracuda that provide protection from such activity. They tend to use algorithms that more quickly identify bots on your network’s perimeter and protect your applications.
