Turning to numerous disguised bots to stay undetected and to streamline their attacks, hackers are a hard nut to crack.
As organizations worldwide rush to automate and digitalize, so do the bad guys.
Hackers and scammers are increasingly turning to bots and automation to make their work more efficient and effective and help them avoid detection, according to new research from cybersecurity firm Barracuda.
In December 2020, Barracuda researchers analyzed two months of global data on web application attacks blocked by their own systems, and uncovered a massive number of automated attacks around the world, including the Asia Pacific region.
Automated attacks use bots to try to exploit vulnerabilities in web applications. These attacks can range from fake bots posing as Google bots to avoid detection, to application distributed denial-of-service (DDoS) botnets trying to crash a site.
According to the research, the prevalence rates of bot attack types in the sample, across all geographies, were:
- fuzzing attacks, which use automation to break into applications: 19.46%
- injection attacks, where hackers use automated tools like sqlmap to access applications: 12.07%
- bots pretending to be a Google bot or similar: 12.02%
- application DDoS attacks: 9.29%
- bots blocked by site admins: 1.2%
These kinds of attacks are often used to retrieve sensitive data, and the researchers noted an overwhelming number of exfiltration attempts focused on stealing credit card numbers, accounting for more than three-quarters of attacks.
Said Mark Lukie, Engineer Manager, Barracuda (Asia-Pacific): “Automated tools continue to advance in their level of sophistication, allowing even the most unsophisticated hacker a convenient way to successfully steal valuable data from unsuspecting users.”
Organizations are advised to invest in good cybersecurity solutions that can find and remediate vulnerabilities automatically. This, coupled with the right cyber awareness training for all staff, will offer protection against such evolving threats, he said.