Cequence Security today published research findings on automated bot attacks, developed with Enterprise Management Associates (EMA), focusing on the automated malicious bot attacks targeting public-facing API and web-based applications. Cequence will discuss the findings in a webinar, Winning the Imitation Game: Separating Human Traffic from Automated Bot Attacks on Tuesday, May 19th at 11:00AM PST.
The study “The Imitation Game: Detecting and Thwarting Automated Bot Attacks” was developed by EMA and Cequence based on responses from hundreds of IT and IT security teams about the many ways by which their public-facing web, mobile, and API-based applications are targeted by automated bot attack campaigns. The study found that inexpensive, easily launched automated malicious bot attacks exploit the business logic of these applications to hijack user accounts, create fake accounts, scrape content, carry out application distributed denial of service attacks, and launch other types of attacks.
Among key findings:
- 85 percent of all respondents believe they are a target for automated attacks including account takeovers, application denial of service and fake account creation,
- A mere 17 percent of the respondents felt their APIs were a primary target with the number expected to increase (not because of more visibility) but because of more APIs being built into applications. In contrast, 60 percent of who believe their organization’s web-based applications are the primary target.
- The survey finds that 57% of the respondents regularly see attackers relaunch attacks from the same source in an effort to thwart the initial detection, highlighting the sophistication and agility of the attack campaigns.
“Bot attack campaigns have become big business for threat actors, and major organizations are now fighting to support legitimate users and prospects while keeping attackers out of online applications and services,” said Paula Musich, Research Director, Enterprise Management Associates. “These attacks target ecommerce and a wide range of vertical industries. Fortunately, using important new AI-based solutions, more organizations are successfully detecting and mitigating frequently used attack techniques, with bot defense solutions that limit the amount of damage automated bot attack campaigns cause.”
“Internet-facing applications and APIs are the engines driving today’s digital economy and as such, are the prime target of bad actors employing a broad range of sophisticated semantic and syntactic attacks,” said Ameya Talwalkar, Co-founder and CPO, Cequence Security. “This research confirms that the expanding threat surface is under a broad range of attacks. It also underscores that innovative bot defense technology that discovers, defends and protects mobile, API and web applications against such attacks can yield important savings – both in fraud resolution and web infrastructure costs.”
For a copy of the findings, please visit https://www.cequence.ai/wp-content/uploads/2020/04/EMA-Bot-Defense-Survey-Summary.pdf.
About Cequence Security
Cequence Security is a venture-backed cybersecurity software company founded in 2015 and based in Sunnyvale, CA. Its mission is to transform application security by consolidating multiple innovative security functions within an open, AI-powered software platform that protects customers’ web, mobile, and API-based applications – and supports today’s cloud-native, container-based application architectures. The company is led by industry veterans that previously held leadership positions at Palo Alto Networks and Symantec. Customers include F500 organizations across multiple vertical markets, and the solution has earned multiple industry accolades, including the 2020 SC Award for Best Web Application and 2018 Gartner Cool Vendor. Learn more at www.cequence.ai.