THE IMITATION GAME. Detecting and Thwarting Automated Bot Attacks

IT executives, contributors, and IT security teams in a range of industries understand that their growing arrays of public-facing applications, whether those are web, mobile, or API-based, are the targets of automated bot attack campaigns. Inexpensive and easy-to-launch automated malicious bot attacks exploit vulnerabilities in the business logic of these applications to hijack user accounts, create fake accounts, scrape content, carry out application distributed denial of service attacks, and carry out other types of attacks.
In this research, 52% of respondents indicated that their organization’s public-facing applications had experienced DDoS attacks in the last year, followed by 38% of respondents reporting fake account creation and vulnerability scanning/reconnaissance attacks over that same time period.
Depending on the type and size of the organization, the frequency of these attacks ranged anywhere from less than one per day to over 500 times per day. The largest percentage of respondents indicated the frequency of attacks was either one to five, six to 10, or 11 to 25 times per day.