This article has been written by Radhika Subhash Tapkir pursuing a Remote freelancing and profile building program from Skill Arbitrage.
This article has been edited and published by Shashwat Kaushik.
Introduction
A ‘bot’ or ‘robot’ is a set of instructions and commands programmed in computer software to execute specific scripted or automated tasks that simulate near-human behaviour. Bots are programmed to perform tasks at a fast pace, with accuracy and efficiency, in inhumanly large volumes. As we increasingly rely on digital platforms for communication, commerce and information sharing, our vulnerability to cyber threats has surged. Cybersecurity has become a critical necessity to protect individuals, businesses and governments from the ever-evolving landscape of online threats, such as botnet attacks.
Nature and types of bots
‘Bots’ began making a name for themselves in the 1990s as the good little worker bees doing their queen’s bidding. They were seen as a highly efficient and powerful resource in the computer world. Hence, it is the ‘intent of usage’ that truly determines the good or bad nature of the bots.
The ‘good’ bots
It can be simply stated that bots that are programmed to automate labour-intensive tasks such as combing through huge amounts of data sets, getting specific information quickly and accurately, and analytics, etc. in businesses, websites, and corporations can be termed ‘good bots’.
Here are a few examples of good bots:
- Chatbots- These types of bots are often found on websites or apps to enhance the customer experience through AI algorithms. They generally engage in assisting customers by communicating and resolving basic queries.
- Shopping bots- These types of bots typically analyse the user behaviour on different e-commerce websites to improve customer satisfaction by providing correct recommendations and improving their online shopping experience.
- Social media bots- These types of bots automate certain tasks on online platforms such as Facebook, Instagram, Snapchat, etc. For example, public accounts on Instagram or business accounts on WhatsApp have the option to respond to queries with an automated response until an actual person resolves the query.
- Monitoring bots- These bots are used by websites to track their overall performance. Such bots run in the background to collect data on the health of the website and track the changes in its workings.
- Web scraping bots- These types of bots generally engage in the extraction of data (oftentimes without the explicit consent of the website user or website owner) from different websites for various purposes, such as creating databases, analysing the collected data, etc.
- Spider bots- These bots are also called ‘web crawlers’ or ‘internet crawlers’. The spider bots are programmed to read everything available on the internet and analyse the information into categorised databases. These bots help search engines rank the content and filter out obsolete information.
The ‘bad’ bots
Just as a coin has two sides, bad bots exist too. These ‘bad bots’ are used with malicious and criminal intent and are widely known, even by the general public. The greatest example is the Trojan Horse programme, which began the popularity of malicious code used by cybercriminals to gain access to computers and infect them with viruses to collect personal and sensitive information.
Here are some examples of bad bots:
- Spam bots- These bots are programmed to post similar content, like emails, newsletters, links, advertisements, etc., repeatedly for malicious purposes.
- Distributed Denial of Service (DDoS) Bots- DDoS bots often flood a website with massive amounts of traffic, causing it to crash or show an error to its users. Such erroneous behaviour on the website results in damage to the reputation of the site and its owner/brand and also causes financial loss to the site.
- Imposter bots- These bots deceptively impersonate the behaviour of actual human users/customers and circumvent online security and authentication measures. Such bots are difficult to discover as they mimic human behaviour and patterns perfectly.
- Inventory denial attack bots- Such bots are found on shopping websites and e-commerce stores. They mimic the behaviour of users and repeatedly place a product into a shopping cart without any actual transaction taking place. This process tricks the website/store into believing that the item is out of stock, but it’s being put into the carts of various users without their knowledge.
- Credential stuffing attack bots- These bots are responsible for fraudulently logging into user accounts to steal credentials or sensitive information, leading to identity theft, fraud, etc.
What are ‘bot attacks’ and their different types in cybersecurity
Bot attacks are a type of cyberattack that uses automated scripts to disrupt a site, steal data, perform fraudulent purchases, or carry out any other malicious actions. These attacks are often carried out by botnets, which are networks of hijacked computer devices used to execute various scams and cyberattacks. In 2023, over 1.45 billion bot attacks were detected.
Bad bots pose potential threats to systems, software and devices that utilise the internet. These risks and threats can manifest themselves as content manipulation on online social platforms, data leaks or privacy breaches, reduced user engagement on business websites, fake reviews, fraudulent takeover of online accounts, etc.
Types of bot attacks
There are various types of bot attacks. Here are some examples:
- Device bricking: In device bricking, a device is infected and its contents are deleted. This renders the device unusable or makes the work stop altogether. Such an attack is conducted in multiple phases.
- Spam and phishing: A high volume of unsolicited emails or messages containing phishing links, which aim to trick recipients into revealing sensitive information, is sent through bots. The sole purpose of this type of attack is to spread malicious content, steal credentials or install malware on the victim’s system.
- Brute force attacks: A brute force attack is a botnet attack that involves automated and relentless attempts to gain unauthorised access by systematically guessing all possible combinations of usernames and passwords. It exploits vulnerabilities in the login systems by guessing commonly used or extremely weak login credentials of users.
- Cryptojacking: The objective of this particular type of bot attack is to illicitly mine cryptocurrencies using the victims’ computing power.
- Distributed Denial of Service Attacks (DDoS): This type of attack utilises a network of compromised devices to overwhelm a target server or network with a flood of traffic, rendering it inaccessible to legitimate users.
- Ad fraud: The bots in this type of fraud mimic human behaviour to interact with online ads, that is, through ‘click ad’ behaviour, and generate false impressions or clicks to defraud advertisers. The main aim of this type of attack is to deceptively advertise fraudulent ads and get financial gains through these practices.
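One way to spot the brute force and credential stuffing patterns described above in login records, as an added example that is not from the article. The log format, the thresholds and the addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds for this sketch; tune them to real traffic.
WINDOW_SECONDS = 60      # sliding window per source address
MAX_FAILURES = 5         # failures tolerated per source inside the window
STUFFING_ACCOUNTS = 4    # this many distinct usernames suggests stuffing

# Constructed sample log: "ISO-time source-ip username result".
SAMPLE_LOG = """\
2024-01-10T09:00:01 203.0.113.7 alice FAIL
2024-01-10T09:00:02 203.0.113.7 alice FAIL
2024-01-10T09:00:03 203.0.113.7 alice FAIL
2024-01-10T09:00:03 192.0.2.50 bob FAIL
2024-01-10T09:00:04 203.0.113.7 alice FAIL
2024-01-10T09:00:05 203.0.113.7 alice FAIL
2024-01-10T09:00:06 203.0.113.7 alice FAIL
2024-01-10T09:00:09 192.0.2.50 bob OK
2024-01-10T09:01:10 198.51.100.23 carol FAIL
2024-01-10T09:01:11 198.51.100.23 dave FAIL
2024-01-10T09:01:12 198.51.100.23 erin FAIL
2024-01-10T09:01:13 198.51.100.23 frank FAIL
2024-01-10T09:01:14 198.51.100.23 grace FAIL
2024-01-10T09:01:15 198.51.100.23 heidi FAIL
"""


def parse_line(line):
    """Parse one record; return None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2], parts[3] == "FAIL"


def detect(log_text):
    """Return {source_ip: label} for sources over the failure threshold."""
    recent = defaultdict(deque)  # ip -> (time, username) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or not record[3]:
            continue  # skip malformed lines and successful logins
        when, ip, user, _ = record
        window = recent[ip]
        window.append((when, user))
        # Drop failures that have aged out of the sliding window.
        while (when - window[0][0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_FAILURES:
            users = {u for _, u in window}
            # Many accounts from one source: leaked credential pairs being
            # replayed. One account hammered repeatedly: password guessing.
            alerts[ip] = ("credential_stuffing"
                          if len(users) >= STUFFING_ACCOUNTS else "brute_force")
    return alerts


if __name__ == "__main__":
    for ip, label in detect(SAMPLE_LOG).items():
        print(ip, label)
```

A per-address window like this misses attempts spread thinly over time or over many botnet addresses, so it complements account-level lockout rather than replacing it.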
Common targets of bot attacks
Different types of bots are coded to target a specific audience or user base. Some of the common targets of bot attacks include:
- Websites: Bot attacks can target websites for various purposes, such as to overwhelm servers with web scraping for data extraction and to exploit vulnerabilities in web applications of websites for unauthorised access.
- Online shops: The number of new errors in D2C commerce and e-commerce websites or online shopping platforms has increased in the past couple of years. Cybercriminals have started to engage in activities where they try to manipulate prices or web scrape to gain a competitive advantage or conduct fraudulent transactions to ruin the reputation and prestige of those online shops or e-commerce websites for new users.
- Financial institutions: Cybercriminals often try to gain access to financial platforms or banking accounts that are available online. They often try to gain the passwords or credentials of the users, such as credit card information, banking login passwords and usernames.
- Personal information: Oftentimes, individual users are attacked to steal sensitive information relating to their physical, physiological, financial or online activities. Cybercriminals often use these credentials or attributes for fraudulent purposes, such as creating fake accounts, committing online theft, identity theft, etc.
- Media and entertainment industry: Recently, it has been seen that the media and entertainment industry has been hit by botnet attacks that are responsible for distributing pirated content, engaging in click fraud for advertising revenue or disrupting streaming services.
- Government and healthcare systems: Bots or botnets attack government or healthcare systems to gain unauthorised access to sensitive data. In the event that a government website or database is hacked by a botnet attack, it is done to disrupt critical services through either DDoS attacks or by compromising the infrastructure for a geopolitical reason. In the case of the healthcare system, cybercriminals are more concerned with gaining unauthorised access to sensitive patient data describing health care services or exploiting vulnerabilities in medical devices to manipulate the patients’ health.
Real-life examples of bot attacks
Cybercrime around the world has exploded, with schemes and scams becoming a common sight. The use of the internet by criminals and nefarious organisations to extract money and information has reached an all-time high.
Millions of spam messages and emails are sent with fraudulent website links, fake accounts phishing for information, and fraud ads that mislead the common civilian.
The cybercriminals use ‘botnets’, i.e., a large-scale network of web-based or internet-based software applications (bots), to infiltrate and infect the devices of internet users. Here are a few notable real-life bot attacks:
- Kraken (2008) – It was one of the biggest botnet attacks in history. At its peak, it controlled over 500,000 bots, with each bot capable of sending 600,000 spam emails per day.
- Mariposa (2008) – This botnet attack specialised in stealing sensitive information such as phone numbers, credit card numbers and passwords from their accounts on financial websites. It spreads its malware through fraudulent digital ads. The botnet attack was the creation of Spanish cybercriminals who used a malware programme called ‘Butterfly Bot’, hence the name ‘Mariposa’ (it means ‘Butterfly’ in Spanish).
- Cutwail (2007) – Created by Russian hackers in 2007, it was single-handedly responsible for half of the world’s spam emails.
- EarthLink Spammer (2000) – It was the first botnet to be publicly recognised in 2000 for sending phishing emails in bulk to collect sensitive customer information, such as credit card information. Around 1.25 million spam messages were sent in one year. EarthLink sued the botnet attackers for $25 million.
- Methbot (2016) – This bot attack was masterminded by Russian criminals. It was labelled as the biggest digital ad fraud ever, perpetrated by faking clicks on video advertisements. The attack was unprecedented in its scale and sophistication. Methbot used a network of compromised computers to simulate human behaviour, clicking on video ads without any real users ever seeing them. The criminals behind Methbot were able to generate millions of fake clicks per day, earning millions of dollars in fraudulent advertising revenue.
The Methbot attack was a major wake-up call for the digital advertising industry. It exposed the vulnerability of online advertising to fraud and raised concerns about the integrity of the entire ecosystem. In the aftermath of Methbot, advertisers and publishers have taken steps to improve their defences against fraud, but the threat remains significant.
- Mirai (2016) – This botnet was the genius and malicious creation of three college-going Minecraft players. Paras Jha initially gathered around 400,000 bots and unleashed them multiple times on Rutgers University’s network, wreaking havoc on the campus, students and staff alike. The botnet attack was classified as a type of Distributed Denial of Service (DDoS) attack.
These attacks can lead to data theft, account takeovers, and other forms of cybercrime, making it essential for businesses and individuals to implement effective security measures to protect their digital assets and personal information.
Prevention of bot attacks – detection and challenges
How to detect botnet attacks
Below are some signs that should be evaluated to detect if a botnet attack has taken over your computer or device.
- Updating computers or devices: Cybercriminals more often than not programme their malicious botnets to attack the basic functions of a computer, i.e., disabling the computer’s ability to update or causing the Anti-Virus software to malfunction/glitch.
- Slow speed of computer: The programmes or software on the computer or device run unusually slower than normal. For example, files take longer to open, or the screen of the computer or device freezes or completely blacks out.
- Unauthorised actions on email: Botnet attacks are mostly carried out by sending malicious spam emails or phishing. If these emails are opened, or any link attached to them is accessed by the customer, they can infect the device at a rapid rate. They can also possibly hack into the customer’s email account and gain unauthorised access to it.
- Social media accounts being hacked: Hacked social media accounts such as Instagram, Snapchat, or Facebook can be used by cybercriminals to send infected malware to your friends and family through links and picture messages. Once such messages are opened or downloaded by the receiving party, they can further spread.
Prevention techniques
To protect against bot attacks, organisations can implement various measures, such as:
- Time-analysis: In the case of a business or website, a bot can be detected by the speed or time taken to perform certain tasks, such as filling out forms, passwords, login IDs used, etc.
- Captcha: Implement Captcha mechanisms to differentiate between human and bot traffic. This will prevent bots from accessing sensitive forms or content in the case of an online business or website.
- Honeypots: Honeypots are concealed elements strategically incorporated into user registration forms to thwart automated submissions by bots. While imperceptible to users, these fields are detectable by bots. When information is entered into the concealed fields, it serves as an indicator that a spambot is attempting to complete the form. The implementation of this inconspicuous field can be achieved through programming in HTML or other.
- Firewalls: Always install and enable a firewall to detect any sort of botnet communication or attack.
- Limit or blacklist IP addresses: Avoid websites that do not provide authenticity. Limit or restrict access by enabling ‘restrict access’ to certain sites on your web browser or Anti-Virus software. Always avoid pop-ups or pop-up ads. If possible, block all pop-up ads in your browser.
- Validate email addresses and phone numbers: Use multi-factor authentication to access email addresses and phone numbers. Always make sure the incoming phone numbers are legitimate and not bots or spammers.
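The time-analysis and honeypot checks from the list above, combined into one server-side screen for a registration form. This is an added example, not code from the article; the field names `website` and `form_token`, the `/register` path and the thresholds are assumptions.

```python
import hashlib
import hmac
import html

# Assumed names and thresholds for this sketch (not from the article).
HONEYPOT_FIELD = "website"      # decoy input that real users never see
MIN_FILL_SECONDS = 3.0          # faster than this is treated as automated
MAX_FORM_AGE_SECONDS = 3600.0   # older tokens are rejected as stale


def sign_timestamp(secret: bytes, issued_at: float) -> str:
    """Return 'millis.hmac' so the client cannot forge the render time."""
    ts = str(int(issued_at * 1000))
    mac = hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def render_form(secret: bytes, now: float) -> str:
    """Registration form with a hidden decoy field and a signed render time."""
    token = html.escape(sign_timestamp(secret, now), quote=True)
    return (
        '<form method="post" action="/register">\n'
        '  <input name="email" type="email" required>\n'
        '  <input name="password" type="password" required>\n'
        '  <!-- decoy: off-screen for people, present for form-filling scripts -->\n'
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        f'    <input name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">\n'
        '  </div>\n'
        f'  <input name="form_token" type="hidden" value="{token}">\n'
        '  <button type="submit">Register</button>\n'
        '</form>'
    )


def screen_submission(fields: dict, secret: bytes, now: float) -> list:
    """Return the bot indicators found; an empty list means accept."""
    reasons = []
    # Honeypot: any value in the decoy field means a script filled the form.
    if (fields.get(HONEYPOT_FIELD) or "").strip():
        reasons.append("honeypot_filled")

    # Time analysis: verify the signed render time before trusting it.
    ts, _, mac = (fields.get("form_token") or "").partition(".")
    expected = hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        reasons.append("token_invalid")
        return reasons
    elapsed = now - int(ts) / 1000.0
    if elapsed < MIN_FILL_SECONDS:
        reasons.append("filled_too_fast")
    elif elapsed > MAX_FORM_AGE_SECONDS:
        reasons.append("token_expired")
    return reasons


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed value, not a real secret
    t0 = 1_700_000_000.0            # constructed render time
    base = {"email": "user@example.com", "password": "x",
            HONEYPOT_FIELD: "", "form_token": sign_timestamp(key, t0)}
    print("human:", screen_submission(base, key, t0 + 12))
    bot = dict(base, **{HONEYPOT_FIELD: "http://spam.example"})
    print("bot:  ", screen_submission(bot, key, t0 + 0.4))
```

Both checks only raise the cost of automation: a bot that skips hidden inputs and waits a few seconds passes, which is why the list pairs them with Captcha and firewalls.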
Legal framework
India is in the process of developing a comprehensive legal framework to regulate the use of bots. The need for such a framework has arisen due to the increasing prevalence and sophistication of bots, as well as the potential risks and challenges associated with their use. The government has recognised the importance of balancing the benefits of bots with the need to protect consumers and ensure responsible use.
While a comprehensive legal framework for bots is still in the works, certain aspects of bots are currently covered under various existing laws. These laws provide a foundation for addressing some of the legal issues surrounding bots.
- Data privacy: The Information Technology Act, 2000, addresses issues related to data protection and electronic contracts. This law requires organisations to obtain consent from individuals before collecting, using, or disclosing their personal information. It also imposes certain obligations on organisations regarding the storage and protection of personal data.
- Consumer protection: The Consumer Protection Act, 1986, protects consumers from unfair trade practices and defective goods and services. This law may be applicable to bots that are used in e-commerce or other consumer transactions. For example, consumers may have the right to a refund or replacement if a bot-powered product or service does not perform as advertised.
- Intellectual property rights: The Copyright Act, 1957, and the Patents Act, 1970, provide protection for intellectual property rights, including software and algorithms. These laws may be relevant to bots that incorporate copyrighted or patented material. For example, a bot that uses copyrighted content without permission may be subject to legal action.
Challenges and future considerations
Despite the existence of these laws, there are still a number of challenges and issues that need to be addressed in the development of a comprehensive legal framework for bots.
- Liability: Determining liability for harm caused by bots is a complex issue. In some cases, the bot developer may be liable, while in other cases, the user or the platform hosting the bot may be responsible.
- Transparency and accountability: Ensuring transparency and accountability in the use of bots is important to protect consumers and prevent abuse. This may involve requiring bot developers to disclose information about the bot’s functionality and purpose, as well as implementing mechanisms for users to report any harmful or deceptive behaviour.
- International cooperation: The regulation of bots is a global issue, as bots can operate across borders. International cooperation will be necessary to develop harmonised approaches to bot regulation and address cross-border issues.
What is cybersecurity
The term ‘cybersecurity’ can be considered an umbrella term for the defence mechanism deployed against malicious attacks done by cybercriminals. Cybersecurity is a multi-faceted field that involves a combination of technical measures, such as firewalls, intrusion detection and prevention systems, and encryption, as well as organisational policies and procedures, such as security awareness training for employees and regular security audits. It is an ongoing process that requires constant vigilance and adaptation to new and evolving threats.
Some of the key areas of cybersecurity include:
- Network security: Protecting the network infrastructure from unauthorised access, Denial of Service (DoS) attacks, and other threats.
- Endpoint security: Securing individual devices such as computers, smartphones, and tablets from malware, phishing attacks, and other threats.
- Data security: Protecting sensitive data from unauthorised access, theft, or loss.
- Application security: Ensuring that software applications are developed and deployed securely to prevent vulnerabilities that could be exploited by attackers.
- Cloud security: Protecting data and applications stored in the cloud from unauthorised access, theft, or loss.
Cybersecurity is essential for businesses of all sizes, as well as for governments and individuals. By implementing effective cybersecurity measures, organisations can protect their valuable assets, maintain their reputation, and comply with relevant laws and regulations.
Importance of cybersecurity
The cyber landscape is dynamic, with malicious actors employing sophisticated techniques to exploit systems and networks. From ransomware to data breaches and identity theft, the range of ‘Cyber Threats’ is vast and continuously evolving. Such threats not only jeopardise confidentiality and integrity but also pose a high risk in the form of the easy availability of data, which can pose a major threat to the national and economic stability of a state. The importance of cybersecurity can be understood as:
- Acquiring cybersecurity skills helps protect sensitive information.
- It is a collective responsibility.
Best cybersecurity practices
With the continuous expansion of cybersecurity attacks and data breaches, it is predicted that global spending on cybersecurity solutions will increase and eventually surpass the $260 billion mark by 2026.
Here are some of the best cybersecurity practices:
- Automated threat detection: AI offers groundbreaking tools for detecting and mitigating threats, enhancing the efficiency of cybersecurity operations.
- Training and skill development: Right-skilled individuals, equipped with knowledge about AI’s role in cybersecurity, can deploy tools effectively and educate others in the organisation.
- Full visibility: Achieving full visibility across different systems and tools is crucial for effective cybersecurity in the age of AI. To understand the capability of a system or tool, ensure cyber-awareness.
Cyber security tips
When it comes to securing your devices and online systems against cyber attacks, it is the sole responsibility of the user to be more cyber aware. Here are a few simple tips to ensure your devices and systems are kept safe against cyber crimes:
- Always use Anti-Virus protection software to ensure your laptops, computers, and mobile phones are secure in case of a malicious attack. Such software blocks malicious viruses from entering your device and potentially corrupting your data.
- Enable the firewall on your laptops and computers. These are important for ensuring your data is not hacked or becomes fodder for malicious online activities.
- Use a strong password for critical files, folders, apps, devices, accounts, etc. Make sure your password is not a simple or common phrase or term. Instead, use a mix of complex letters, numbers, and symbols.
- Be suspicious of unknown emails, phone calls, or messages. It is advised to never open emails or messages sent by an unknown sender. These are called ‘phishing scams’ and are used with the malicious intention of making the user divulge sensitive information or access to the device.
- Regularly back-up your online data. It is generally advised for the user to keep their data on at least two different devices for online security purposes, such as a hard drive (external) and cloud storage.
- Update your software and operating systems. Any vulnerabilities in your systems can become a critical access point for hackers.
- Always use a VPN (Virtual Private Network) server. By using a VPN, the user ensures that the traffic to and from the device is encrypted. The data on your device is difficult for a malicious outsider to access. It’s best to avoid public networks or WiFi.
Risks to privacy with the rise of AI and cyber-criminals
AI technology has provided for every industry, from fashion to finance to agriculture and beyond. This technology has continuously laid the foundations for the future of the digital revolution. It challenges the core traditional norms of how data and privacy may be viewed.
The rapid rise of AI and AI-related tools has raised ethical questions about data protection, human privacy, social responsibility, cybercrime, and societal impact. The navigation of such questions has led to concerns relating to the misuse of such technology.
Cybercriminals are utilising AI and AI tools to infiltrate the computers of users and businesses. It is predicted that the newer generation of bot attacks will use AI technology. This type of technology allows access to large numbers of voice, handwriting, language, and data sets.
- Privacy paradox: AI’s potential to infer sensitive information poses risks of unauthorised data dissemination, identity theft and unwarranted surveillance. The need for self-regulation in the use of AI is what needs to be understood.
- Ethical and societal issues: IEEE, in its global mission initiative, has highlighted the importance of how AI should ‘prioritise human welfare, ensuring that ethical considerations aren’t mere afterthoughts’. It very conveniently highlights that bots must comply with ethical norms while protecting user privacy and confidentiality.
- Individual and organisational privacy: AI’s complexity and data analysis capabilities present challenges to individual and organisational privacy. There will always be an issue of bias and discrimination.
Conclusion
In the age of AI, cyber security is essential to prevent bot attacks and safeguard the data and privacy of users and businesses. Acquiring cyber security skills and implementing best practices are crucial steps to navigating the digital front securely. Integration of AI into cyber security can offer a groundbreaking tool for threat detection, but it also amplifies the capabilities of cyber adversaries.
References
- https://www.thedigitalspeaker.com/privacy-age-ai-risks-challenges-solutions/
- https://standards.ieee.org/industry-connections/ec/autonomous-systems/
- https://www.reuters.com/legal/legalindustry/privacy-paradox-with-ai-2023-10-31/
- https://securityintelligence.com/articles/what-is-botnet-attack/
- https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
- https://www.forbes.com/sites/thomasbrewster/2016/12/20/methbot-biggest-ad-fraud-busted/?sh=1ee23a444899
- https://www.analyticsinsight.net/botnet-attacks-severity-protection-and-most-dangerous-invasions-in-past-years/
- https://www.wired.co.uk/article/infoporn-rise-and-fall-of-uks-biggest-spammer
- https://www.cisa.gov/news-events/ics-advisories/icsa-10-090-01
- https://www.welivesecurity.com/2015/02/25/nine-bad-botnets-damage/
- https://www.radware.com/cyberpedia/bot-management/types-of-bots/
- https://www.crowdstrike.com/cybersecurity-101/malware/trojans/
- https://www.indusface.com/resources/research-reports/the-state-of-application-security-q3-2023/?utm_source=gbhackers-sponsored-article&utm_medium=referral&utm_campaign=gbhackers-bot-attacks-API
- https://www.humansecurity.com/learn/topics/what-are-denial-of-inventory-and-scalping-attacks
- https://seon.io/resources/bot-attacks/