As bot automation tools have become the norm in cyber attacks, automated threat protection has become the standard configuration of enterprise defense systems. On January 25, 2024, Ruishu Information officially released the "2023 Bots Automated Threat Report". The report analyzes bot threat scenarios, development trends, and attack characteristics in depth, examines bot automation attack cases across multiple scenarios, gives its latest assessment of how bot automation threats will develop in 2024, and provides corresponding protection suggestions.
Case 1: Protection against unauthorized API access
Type of attack
Unauthorized access to an API interface.
Technical features:
API fingerprinting, parameter tampering, and automatic parameter traversal.
Problem description
The user ran an open-source CMS whose user information retrieval interface had an unauthorized access vulnerability. An attacker detected it and pulled a batch of data, leaking a large amount of sensitive information.
Countermeasures
Before going live, use API security scanning to detect risks such as legacy APIs, vulnerabilities, and sensitive data.
After launch, use an API audit platform to continuously monitor API access behavior, data flows and other information, and detect anomalies as soon as they occur.
Use the WAAP platform to block attacks and abnormal access.
Use programmable countermeasures for fine-grained protection that meets business needs.
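The continuous monitoring described above can catch the automatic parameter traversal named in this case. The following detection sketch is an added example, not code from the report or from any vendor platform; the log layout, the `/api/user/info` path, the `uid` parameter and the thresholds are all assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample audit records: (epoch seconds, client address, request URI).
# The endpoint path and the uid parameter are hypothetical.
SAMPLE_LOG = (
    # One client walking through consecutive user ids, one request per second.
    [(1000 + i, "198.51.100.7", f"/api/user/info?uid={1001 + i}") for i in range(12)]
    # A client polling its own profile repeatedly.
    + [(1000 + 30 * i, "203.0.113.20", "/api/user/info?uid=2001") for i in range(8)]
    # A client looking up a few different users over a long period.
    + [(1000 + 600 * i, "203.0.113.45", f"/api/user/info?uid={3001 + i}") for i in range(6)]
)

def find_traversal(records, param="uid", window=60, max_distinct=5):
    """Return {(client, path): peak distinct values} for clients that request
    more than max_distinct different values of `param` within `window` seconds."""
    seen = defaultdict(list)  # (client, path) -> [(timestamp, value)]
    for ts, client, uri in records:
        parts = urlsplit(uri)
        for value in parse_qs(parts.query).get(param, []):
            seen[(client, parts.path)].append((ts, value))

    flagged = {}
    for key, hits in seen.items():
        hits.sort()
        start = 0
        counts = defaultdict(int)  # value -> occurrences inside the window
        for ts, value in hits:
            counts[value] += 1
            # Slide the window: drop hits older than `window` seconds.
            while hits[start][0] < ts - window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) > max_distinct:
                flagged[key] = max(flagged.get(key, 0), len(counts))
    return flagged

if __name__ == "__main__":
    for (client, path), peak in find_traversal(SAMPLE_LOG).items():
        print(f"{client} touched {peak} distinct ids on {path} within 60s")
```

Counting distinct identifier values rather than raw requests keeps a client that polls a single record from being flagged, while a slow walker only shows up once the window is widened.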
Case 2: Protection against batch data crawling by advanced tools
Type of attack
Data crawling.
Technical features:
Large volume of crawled data, advanced automation tools, rich pools, CAPTCHA bypass, and highly human-like behavior.
Problem description
The user's system had adopted mechanisms such as IP rate limiting, browser environment detection, and graphic CAPTCHAs, but the number of visits was still huge, far exceeding what normal users would generate. Analysis found that, as the confrontation continued, the crawler had undergone many technical upgrades to bypass the protections: in addition to CAPTCHA recognition and **IP, newer techniques such as operation event simulation and script-based environment supplementation had also been applied.
Countermeasures
Update the automation framework recognition model to detect new frameworks and heavily modified ("magic") frameworks.
Use pre-acquisition technology to inspect the client environment in depth and recognize environment-supplementation behavior.
Establish a baseline of access behavior and restrict abnormal access that deviates from the baseline.
Apply user behavior analysis to limit requests that lack the behavior and characteristics of a real person.