Security News > 2020 > April > ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel

Radware noted that cybercriminals use bots in many ways: Sophisticated bots built to circumvent security measures and take over user accounts by mimicking human behavior; denial-of-service bots that prevent online checkouts or take down specific pages; bots built for mobile environments; those that exploit vulnerabilities in applications and APIs; and custom, targeted bots that are built to attack specific companies or competitors.

"Bot developers now use JavaScript and HTML5 web technologies to enable bots to leverage full-fledged browsers. The bots are programmed to mimic human behavior when interacting with a website or app to move the mouse, tap and swipe on mobile devices and generally try to simulate real visitors in order to evade security systems."

From an industry-specific perspective, the sophistication level of e-commerce bots tends to be higher than in other verticals, the analysis showed, with 58 percent of the activity consisting of distributed, mutating bots that are programmed to not have repeating behaviors.

The use of bots built to masquerade as humans is also common in the travel industry, according to Radware.

"Bad bots are evolving to be more sophisticated in their capabilities to mimic human behavior and circumvent conventional security protections," Radware said in its report.

News URL

https://threatpost.com/threatlist-bots-spike-e-commerce-and-travel/155302/