2021 Bots Automation Threat Report: An In-depth Analysis of Bots Attacks


Ruishu Information, a vendor specializing in protection against automated Bots attacks and an innovator of China's dynamic security technology, recently released the "2021 Bots Automated Threat Report". Based on Ruishu Information's thousands of protection cases in government affairs, finance, telecommunications, education, healthcare, Internet and other industries over the years, together with third-party public data, the report analyzes detailed data on automated Bots attacks in 2020 from the perspectives of attack targets, attack sources, Bots client analysis, mobile terminal analysis, and more. It gives enterprises an important reference for understanding the threat of Bots attacks and improving their corresponding defense capabilities.

Analysis 1: Government affairs, publishing, and healthcare are hot spots for bot attacks

From an industry perspective, in 2020 public disclosure systems and service provision systems remained the top targets of bot attacks, and the proportion of malicious robots increased from 40.97% in 2019 to 43.76% in 2020. The top five threat scenarios include vulnerability detection and exploitation, resource grabbing, data scraping, brute force cracking, and denial of service attacks.

At the same time, affected by the COVID-19 pandemic, the publishing and healthcare industries have become hot spots for Bots attacks. Free e-books, paper libraries and other resources that are open to the public for online learning have attracted a large number of malicious crawlers to crawl information. The healthcare industry has also become a key target of attacks because of the "high value" of medical data, especially in terms of system vulnerability scanning, DDoS, and high-frequency crawling of public information.


Analysis 2: APIs are the focus of attention

As corporate businesses develop, access channels have multiplied to include the Web, apps, and mini-programs, and APIs, which provide the basic support for integrated access across these channels, have become a key target for attackers. It is expected that by 2022, API abuse will become the most common attack method that causes data leaks in corporate Web applications.

Through monitoring and analysis of access types, Ruishu Information observed that the proportion of API requests has exceeded 65%.


It is also observed that the threats faced by APIs are very different from those faced by traditional web pages. Compared with traditional web pages, APIs carry more business processes, and the types of attacks they face are mainly business-related attacks, including unauthorized access, interface abuse, data dragging, etc., accounting for more than 70%.


Analysis 3: Bots attack sources are more secretive

To break through the protection mechanisms of the target system, more than 90% of Bots use IP proxies to hide themselves. As Bot attacks escalate, the way IP proxies are provided has also evolved from local proxies to the more efficient HTTP tunnel mode. The number of IP addresses has greatly increased, the sources have become more extensive, and the concealment has reached a new level.

From the perspective of the geographical location of bot attacks, the sources of domestic bot attacks are quite scattered, but they are mainly from the economically developed southern regions. Guangdong accounts for more than 10%, making it the top source of domestic bot attacks, followed by Anhui, Zhejiang, Jiangsu, and Beijing. Among attacks from abroad, the United States still ranks first, accounting for nearly 60% of attacks, followed by Germany and Singapore.

In addition, the report pointed out that public cloud is still one of the main sources of bot attacks, and a large number of bots use the resources of IDC data centers to attack. Among them, more than 50% of bot attacks use Alibaba Cloud, followed by a significant increase in attacks from Huawei Cloud and Tencent Cloud, and the three together account for more than 80%.


Analysis 4: Bots still favor Windows and Chrome

To improve attack efficiency, Bot attackers are constantly trying to bypass detection measures by various means, such as hiding their real identity information by modifying the User Agent. According to Ruishu Information's analysis, more than half of Bots will choose Windows, followed by Mac and Linux. In addition, up to 66% of Bot attackers prefer Chrome as their "disguise".

Whether to improve efficiency or to bypass existing protection mechanisms, many bots are built on automation frameworks. Compared with 2019, there is no obvious change in the choice of automation frameworks for bots, and the mainstream technologies are still Webdriver, Headless, PhantomJS, and NodeJS.
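A defender-side illustration of the point above, added here and not taken from the report or from Ruishu's products: consistency checks that flag a request whose User-Agent carries a marker of the named frameworks, or whose claimed platform disagrees with other client signals. The record fields (`ch_platform` from the `Sec-CH-UA-Platform` header, `webdriver` from a client-side probe of `navigator.webdriver`) and all sample records are constructed assumptions.

```python
import re

# Markers the named frameworks leave in a default User-Agent string.
AUTOMATION_UA = re.compile(r"HeadlessChrome|PhantomJS|node-fetch|axios", re.I)

def ua_platform(ua):
    """Operating system the User-Agent string claims."""
    if "Android" in ua:          # checked first: Android UAs also say Linux
        return "Android"
    if "Windows NT" in ua:
        return "Windows"
    if "Mac OS X" in ua:
        return "macOS"
    if "Linux" in ua:
        return "Linux"
    return "unknown"

def bot_signals(rec):
    """Return the reasons a request record looks automated (empty = none)."""
    reasons = []
    ua = rec.get("ua", "")
    if AUTOMATION_UA.search(ua):
        reasons.append("automation marker in User-Agent")
    hint = (rec.get("ch_platform") or "").strip('"')
    claimed = ua_platform(ua)
    if hint and claimed != "unknown" and hint != claimed:
        reasons.append(f"User-Agent claims {claimed}, client hint says {hint}")
    if rec.get("webdriver"):
        reasons.append("navigator.webdriver is true")
    return reasons

def flagged(records):
    """Map source IP -> reasons, for records with at least one signal."""
    return {r["ip"]: bot_signals(r) for r in records if bot_signals(r)}

CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36")
SAMPLE = [  # constructed records, documentation-range IPs
    {"ip": "198.51.100.7", "ua": CHROME_WIN, "ch_platform": '"Windows"', "webdriver": False},
    {"ip": "203.0.113.20", "ua": CHROME_WIN, "ch_platform": '"Linux"', "webdriver": True},
    {"ip": "203.0.113.21", "ua": CHROME_WIN.replace("Chrome/", "HeadlessChrome/"), "ch_platform": "", "webdriver": False},
    {"ip": "192.0.2.55", "ua": "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1", "ch_platform": "", "webdriver": False},
    {"ip": "192.0.2.56", "ua": "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)", "ch_platform": "", "webdriver": False},
]

if __name__ == "__main__":
    for ip, reasons in flagged(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

The second record shows why the User-Agent alone is not enough: it is a clean Chrome-on-Windows string, and only the cross-check against other signals exposes it.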


Analysis 5: Mobile Bots attacks are getting more severe

As more and more business systems of enterprises migrate to mobile terminals, attack platforms must also shift to mobile terminals. As a result, a variety of attack methods have emerged one after another, such as various machine modification tools, cracking frameworks, simulators, root, group control, cloud control, IMEI forgery, GPS forgery, etc.

In terms of tool selection, the techniques used by attackers in 2020 did not change much, but there were some updates in the tools. The most commonly used tool was Multiple Avatars, followed by the modification tool Weiba.


Since Android is an open source system, the economic cost and difficulty of cracking the system are relatively low. Therefore, up to 86% of attackers choose Android as their attack platform. At the system platform level, Android 10 replaced Android 9 as the largest platform, which is basically consistent with Google's release process.

In terms of city distribution, the largest source city of mobile platform bots is Guangzhou, followed by Shanghai.

Bots attacks on Xiaomi ranked first, followed by Huawei and OPPO.

Summary

Overall, Bots attacks have become the mainstream form of attack today, and with the strengthening of AI technology and platform trends, increasingly complex and advanced Bots attacks have brought more severe challenges to the cybersecurity industry.

As a domestic company that has innovatively proposed the concept of "dynamic security", Ruishu Information's Bots automated threat defense capability is its signature skill. Its robot firewall product Botgate has become a very effective solution on the market for dealing with Bots robot attacks.

In the future, as more companies change their security thinking, Ruishu Information will use this security weapon to achieve a higher level of security defense, help more companies keep Bots attacks out, and build a responsive and well-defended network security system.
