Five steps to better protect against bad bots and automated fraud

Based on extensive expertise and detailed analysis of bot activity, Imperva's experts have identified five key steps organizations should take to effectively protect themselves from these malicious actors.

1. identify risks at an early stage

The first line of defense against bad bots is to identify potential risks to the corporate website early on. Companies should be aware that marketing and e-commerce campaigns, especially those for products with limited quantities and high demand, often attract bots. These specifically exploit vulnerabilities to grab coveted products and deny customers access. For example, if a specific date and time is announced for the launch of a coveted product, cybercriminals have enough time and information to prepare for their action in the long term. Companies must be prepared for significantly increased traffic in this case.

In addition, it is important for companies to know how to protect their website from bots as efficiently as possible, as some website features can be specifically exploited by bad bots. For example, if there is a login function, this increases the likelihood of credential stuffing and credential cracking attacks, where cybercriminals gain access with stolen credentials. If there is a checkout form, that increases the likelihood of credit card fraud. Companies should take targeted security measures at these sensitive points.

2. reduce weak points

Enterprises should not limit their security measures to websites alone. Protecting exposed APIs and mobile apps is equally important to ensure a holistic approach to protecting web applications and data. Sharing information between systems improves the organization's defense capabilities and enables a comprehensive protection strategy.

3. block outdated browser versions

Many bot tools and scripts use user agent strings with outdated browser versions. In contrast, human users must regularly update their browsers to newer versions. Imperva recommends that organizations take steps to block access from outdated browser versions. This significantly reduces the risk from bad bots.

4. block bulk IP data centers

Bad bots increasingly use proxy services to hide their attacks and impersonate human users. By using bulk IP services in their requests, attackers attempt to bypass security measures. Enterprises should block access from bulk IP data centers to reduce the likelihood of botnet traffic. Examples of such bot providers that have already been involved in such activities include Host Europe GmbH, Dedibox SAS, Digital Ocean, OVH SAS & Choopa, LLC.

5. identify automation tools

Identifying automation tools such as Selenium and Web Driver that are commonly used by bad bots is critical to detecting and minimizing bot traffic. These tools serve as clear indicators of automated activity. Organizations are thus able to effectively identify and neutralize harmful bot activity.

Imperva emphasizes the importance of ongoing vigilance and adapting defense strategies to ever-evolving threats. Distinguishing between good and bad bot behaviors is essential. Organizations should implement a layered model for defense that includes techniques such as user profiling and fingerprinting.

"Every website is attacked for different reasons and usually in different ways, so there is no one-size-fits-all solution," said Stephan Dykgers, AVP DACH, at the security vendor. "However, by taking proactive measures and staying well informed, companies can effectively address the bot problem."

More information on Imperva's bad bot strategy is available in the Bad Bot Report 2023, which can be found on imperva.com is available.