As bot automation tools become more platform-based and AI-driven, the methods and coverage of bot attacks are expanding, and the attacks are becoming more efficient and aggressive. Efficient, large-scale attacks launched with automation tools have greatly increased the security risks that industries and institutions face at the business, application and data levels. In the "2021 Bots Automation Threat Report", Ruishu Information analyzed automation threats from multiple angles and summarized their four major characteristics and five typical scenarios.

1. Automated threats in 2020 have four major characteristics

Compared with 2019, the domestic bot attack situation in 2020 remained very serious, and attackers' tools, methods and efficiency developed significantly. Under the influence of the epidemic in particular, the rise of remote working directly increased the attack surface of enterprises. With the help of automated tools, attackers can probe enterprise systems for vulnerabilities more efficiently and covertly in a short period of time, which places higher demands on enterprise security protection.

Feature 1: APIs are the main target of attackers

As enterprise businesses develop, access channels have converged across the Web, apps, and mini-programs. APIs, the foundation of this converged access, have also become the focus of attackers. Gartner predicts that by 2022, API abuse will be one of the main channels for data leakage. At the same time, OWASP has launched security threat rankings and security guidance for APIs, and APIs will become the next attack hotspot. There is no doubt that API abuse and API attacks will become a major source of data leakage and business risk for enterprise Web applications.

Feature 2: Application attack threshold is further lowered

In 2020, various scanners and attack platforms emerged one after another.
With the assistance of AI, both the depth and breadth of vulnerability detection have been greatly improved. In particular, various attack platforms integrate vulnerability discovery, exploitation, and backdoor implantation, which greatly improves the efficiency of attackers and further lowers the threshold for application attacks.

Feature 3: Attacks on the medical and health sector have increased significantly

Under the influence of the epidemic, attacks against domestic medical and health departments have shown a clear upward trend, with system vulnerability scanning, DDoS, and high-frequency scraping of public information being especially prominent. The number of attacks from abroad has increased significantly, which was also a security hotspot that emerged during the epidemic last year.

Feature 4: Risks of rapid digitalization

Under the epidemic, companies rapidly moved their businesses to digital and remote operation, but the corresponding security protection measures did not keep up. The increased exposure has opened up more ways for hackers to obtain sensitive data, and the number of incidents in which personal privacy data and corporate data are sold on the dark web has increased exponentially.

2. Domestic Bots Automation Threats Involve Five Major Scenarios

Although OWASP has classified more than 20 types of automated threats, Ruishu Information analyzed the domestic situation and identified five main scenarios faced by domestic government and enterprise organizations.

Scenario 1: Vulnerability Detection and Exploitation

Attackers scan the target system for vulnerabilities and automatically exploit those they discover. With the help of automated tools, attackers can scan and probe targets for vulnerabilities more efficiently and covertly in a short period of time. In particular, network-wide probing for 0-day/N-day vulnerabilities will become more frequent and efficient.

Scenario 2: Resource Preemption

Attackers use the speed of bot automation tools to seize limited resources. Common forms of resource grabbing include registration, application, ticket purchase, flash sales, and free shopping.

Scenario 3: Data Scraping

Attackers scrape both public and non-public data, for example various kinds of public information, citizens' personal information, and credit information. Once captured, the data is aggregated and collected, which creates potential big data security risks. At the same time, because the authorization, source, and use of the data lack transparency, problems such as privacy infringement and data abuse are becoming more and more serious.

Scenario 4: Brute Force Cracking

Efficient password cracking against login interfaces poses a great threat to system information security. This type of attack has a wide range of targets, including the e-commerce and social systems we are familiar with, as well as many office systems such as online service offices, corporate email, OA systems, and operating systems. Almost any system with a login interface can become an attack target.

Scenario 5: Denial of Service Attack

Common denial of service attacks include application DoS and business DoS. In addition to the more common distributed denial of service (DDoS) attacks, business-layer DoS attacks are also becoming increasingly popular: these use large numbers of bots to simulate normal users' access to the system, occupy system resources, and leave the system unable to serve legitimate users.

Conclusion

Network security attack and defense is a continuous process. In the face of rampant automated bot attacks, the single defense method of "fighting the enemy with soldiers and covering the water with earth" is no longer sufficient.
Therefore, Ruishu Information recommends incorporating bot management into the management architecture for enterprise application and business threats, deploying new technologies that can protect against automated threats, and improving protection against bot attacks with the help of technologies such as dynamic security protection, AI, and threat situation awareness.