US faces API attacks as bad bots account for 72% of threats
Research undertaken by Barracuda Networks has found that, in the first six months of 2023, 48% of the global internet traffic was made up of mostly malicious bots. These bad bots were using residential IP addresses to launch attacks without being caught by the security blocks put on known malicious IPs.
Researchers also found that in many cases, the people who used or were later allocated those IPs ended up in “CAPTCHA hell”, according to Barracuda. They were unable to pass checks from Google or Cloudflare because their IP triggered a red flag as having been used for malicious activity.
A drop in bot activity, but businesses remain vulnerable
This research comes out in the midst of sector professionals stating that a renewed focus on cybersecurity is needed moving forward. Although digital tools like generative AI are expected to make security tools more powerful in the future, organisations still need to protect themselves from sophisticated threats.
Barracuda highlights that ‘bad bots’ have also been sent out across the internet with the aim of compromising email accounts – particularly those they can reach through vulnerable application programming interfaces (APIs). The bots will attack the APIs with countless combinations of usernames and passwords until they get the one that works.
From January 2023 to June 2023, bots made up nearly 50% of internet traffic, with bad bots making up 30% of traffic. That is lower than 2021 when Barracuda research found that bad bots made up 39% of internet traffic.
However, whilst the bad bot landscape was dominated by swarms of “retail bots” in 2021, Barracuda has found that bad bots in 2023 are now being used for more advanced attacks. In the first half of 2023, North America was the source of 72% of bad bot traffic.
In addition, it found that 67% of bad bot traffic came from hosting providers, including the two large public clouds: AWS and Azure. After North America, the next most prevalent regions are the United Arab Emirates (12%), Saudi Arabia (6%), Qatar (5%) and India (5%).
Barracuda’s researchers also found a significant amount of bad bot traffic (33%) coming from residential IP addresses. The company states that this is due to bot creators trying to hide in residential traffic by using someone else’s IP address through proxies in order to try and bypass IP blocks.
Evolving threat landscape demands stronger cyber defences
Barracuda also found that the more serious bot threat groups are still operating, getting more sophisticated and causing serious damage. Malicious bots are becoming more intelligent and, as a result, account takeover attacks - including attacks against APIs - are increasing.
Attacks against APIs are growing because they are relatively under-protected and therefore easier to attack with automation, according to Barracuda. This is because they are made for automation.
Tushar Richabadas, Principal Product Marketing Manager of Applications and Cloud Security at Barracuda, says:
“For the organisations targeted by these bots, a combination of under-secured APIs, weak authentication and access policies, and a lack of bot-specific security measures – such as limiting the volume and speed of inbound traffic – leave them vulnerable to attack. Organisations can be overwhelmed due to the sheer number of solutions required to stop bots, but the good news is that solutions are consolidating into Web Application and API Protection (WAAP) services that identify and stop bad bots.”
The company highlights how these account takeover attacks generally start with a brute-force attack or a credential stuffing or password spraying attack. For example, an attacker would use a list of common usernames (like admin or administrator) and passwords (like hunter123 or password) and keep iterating until they are successful.
In credential stuffing, Barracuda states that attackers start with known good credentials from a data breach and rely on people reusing their passwords on other sites. These attacks are more successful simply because password reuse is very common.
It is important to note that cyber defences like rate limits and multi-factor authentication (MFA) can help detect and stop brute-force attacks such as these. Unfortunately, Barracuda notes that many organisations do not have proper rate limits and monitoring in place, which can lead to bigger problems, as it did with the Optus breach in 2022.
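The monitoring described above can be sketched as a sliding-window check over failed logins. This is an added example, not code from Barracuda or from the original article; the event fields, thresholds and sample data are assumptions constructed for illustration. It counts failures per source IP and also per account, because bots spread across residential proxy IPs stay under any per-IP limit.

```python
from collections import defaultdict, deque

WINDOW = 60           # seconds; assumed tuning value
MAX_USERS_PER_IP = 5  # distinct usernames failing from one IP within WINDOW
MAX_IPS_PER_USER = 4  # distinct IPs failing against one account within WINDOW

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE = (
    # one source cycling through many usernames (stuffing/spraying pattern)
    [(1000 + i, "203.0.113.7", f"user{i}", False) for i in range(8)]
    # one account hit from many proxy IPs (slips past per-IP blocks)
    + [(1100 + i, f"198.51.100.{i}", "admin", False) for i in range(6)]
    # ordinary user: one typo, then a successful login
    + [(1200, "192.0.2.10", "alice", False), (1205, "192.0.2.10", "alice", True)]
)

def detect(events, window=WINDOW):
    """Return (flagged_ips, flagged_users) based on failed logins per window."""
    by_ip = defaultdict(deque)    # ip -> deque of (ts, username)
    by_user = defaultdict(deque)  # username -> deque of (ts, ip)
    flagged_ips, flagged_users = set(), set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue  # only failures feed the counters
        for q, item in ((by_ip[ip], (ts, user)), (by_user[user], (ts, ip))):
            q.append(item)
            # drop entries that have aged out of the window
            while q and q[0][0] <= ts - window:
                q.popleft()
        if len({u for _, u in by_ip[ip]}) > MAX_USERS_PER_IP:
            flagged_ips.add(ip)
        if len({i for _, i in by_user[user]}) > MAX_IPS_PER_USER:
            flagged_users.add(user)
    return flagged_ips, flagged_users

if __name__ == "__main__":
    ips, users = detect(SAMPLE)
    print("throttle or challenge these IPs:", sorted(ips))
    print("require MFA / step-up for these accounts:", sorted(users))
```

A flagged IP is a candidate for rate limiting, while a flagged account is a candidate for an MFA challenge, since blocking any single proxy IP would not stop the distributed pattern.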