Malicious bots are targeting your apps. Here’s how to shut them down.
Partly in response to improvements in email security, cybercriminals are increasingly turning to attack strategies that leverage vulnerabilities in other vectors. That’s why 2022 has seen dramatic upticks in attacks that target industrial systems, access control systems, and online applications and APIs.
Among attacks against apps and APIs, a very effective technique is the use of highly sophisticated malicious bots. Bots can be used to launch many different kinds of attacks, including distributed denial-of-service (DDoS), shopping cart fraud attacks, credential stuffing, site scraping, and many others.
And these attacks work. In our report “The state of application security in 2021,” based on a survey of hundreds of IT pros around the world, bot attacks were rated as the No. 1 factor contributing to security breaches involving application compromise.
Get the facts in a new webinar
In a new webinar coming up on December 7, Barracuda’s VP for App Security Product Management Nitzan Miron, in conversation with Senior Director of Marketing Operations Kaivan Jesung, will deliver an in-depth presentation on the specific ways that modern bots launch their attacks.
At the webinar, you’ll see why the bot problem is not going away anytime soon, as Nitzan and Kaivan describe the mature, active, and fully above-board industry that creates advanced bots and brings them to a market with plenty of demand — the “bot supply chain.”.
You’ll also find out why a straightforward behavioral analysis is no longer sufficient to detect malicious bots — as today’s sophisticated bots can mimic human behavior in ways that require advanced, AI-powered analysis to distinguish from legitimate app users (including benign bots).
Beyond bots: API and supply-chain attacks
In addition to a thorough discussion of malicious bots, how they work, and how to stop them, Nitzan and Kaivan will dig into two other significant trends in application-based threats.
- Uses APIs to offload app rendering to the client browser — which means the browser, and any astute attacker, has direct access to the app’s business logic, making flaws and vulnerabilities much easier to find
- Increasingly depends on third-party code modules and libraries, which (see previous bullet) are in many cases called directly by the client browser — meaning that by compromising just one of those upstream third-party elements, an attacker can also compromise every client-side instance of the app
Software supply-chain attacks and API attacks were ranked the No. 3 and No. 4 factors contributing to application compromise in the survey report cited above. There’s no reason to think they won’t rank even higher in the next report.
How to fight back
The webinar will conclude with a detailed discussion of what it takes to combat the ever-growing variety of sophisticated application threats effectively.
As in other areas of cybersecurity, what’s clearly emerging is the need for a platform-based approach, which can apply security comprehensively using an advanced core solution, augmented by threat-specific add-on modules that leverage the core solution’s capabilities to address specific types of attack.
Nitzan and Kaivan will walk through the capabilities of Barracuda Cloud Application Protection, which happens to be a very fine example of the platform-based approach to app security described above. Built on a core of Barracuda’s proven Web Application Firewall technology, it additionally leverages specific modules to protect against advanced bots, DDoS, client-side attacks, API attacks, and more.
Cybersecurity pros can’t afford to fall behind on these critical aspects of the threat landscape and what it takes to keep your apps secure. Set aside an hour on December 7 to attend this timely webinar and make sure you’ve got the info you need.