Analyzing Malicious Chatbots: Everywhere, Nowhere to Hide

AsiaIndustrial NetNews: In 2016, about 185 million new netizens came online, the vast majority of them from countries such as India, representing a huge growth in the market.However, it’s not just the online population that continues to grow, the chatRobotThe number is also increasing.

The term “chatbot” covers a wide variety ofautomationPrograms: While some can be used as source data for search engines to help people match their queries with the most appropriate website, other bots are less useful. Malicious chatbots accounted for 19.9% ​​of all website traffic over the past year, a 6.98% increase over the same period in 2015.

Malicious chatbots interact with apps in the same way as legitimate users, making them harder to guard against. However, the results can be harmful: malicious chatbots, for example, can harvest data from websites without permission, while other chatbots can also engage in criminal activities such as ad fraud and account theft.

Chatbots can abuse, misuse, and launch attacks at high rates on websites and APIs. They enable attackers, pesky competitors, and fraudsters to conduct a host of malicious activities, including web scraping, competitive data mining, personal and financial data collection, forced logins and man-in-the-middle attacks, digital ad fraud, spam, and Transaction Fraud, etc.

The “malicious chatbot” problem has become so rampant that it has gained the attention of the U.S. federal legislature. To prevent illegal ticket-buying procedures, the U.S. Congress passed the Better Online Ticketing Act. Similarly, the UK and Canadian governments are considering new laws to stop chatbots from automatically buying airline tickets. While legislation is a welcome deterrent, it’s hard to pass legislation against chatbots you don’t recognize.

Malicious chatbots are getting attention, but they want to survive. What does the data show? Through our network, we examine chatbot trends, including tens of millions of malicious chatbot requests, anonymized across thousands of domains.

As part of this project, we focus on malicious chatbot activity at the application layer, as these attacks are different from the simple distributed denial-of-service attacks that usually grab the headlines. Here are some of our most important findings:

1. A bigger site?bigger goal

Malicious chatbots don’t sleep, they’re almost everywhere. But while malicious chatbots are active on all sites, larger sites took a hard hit in 2016. Malicious chatbots accounted for 21.83% of large website web traffic, an increase of 36.43% since last year.

Larger sites often rank higher in search engine results because people rarely go back to the original search results. Smaller sites don’t achieve the same level of SEO traffic lift, so large and medium-sized sites are more tempting targets for malicious chatbots.

2. Malicious chatbots lie

To avoid detection, malicious chatbots are bound to lie. They do this by reporting the user agent as a web browser or mobile device. In 2016, most malicious chatbots claimed to be the most popular browsers: Chrome, Safari, Internet Explorer, and Firefox. Among them, Chrome is the most popular.

At the same time, “malicious chatbots” on mobile browsers also increased by 42.78% over the same period last year. This is the first time mobile Safari has entered the top five self-reported user-agent lists, surpassing web Safari by 17%.

3. If you build it, the chatbot will appear

When it comes to website attractiveness, there are certain types of malicious chatbots. Malicious chatbots look for sites with four main characteristics: proprietary content or pricing information, landing areas, web presence, and payment processors. In 2016, 97% of sites with proprietary content were unwelcomely crawled, 96% of sites with login pages were attacked by malicious chatbots, 90% of sites were attacked by malicious chatbots bypassing login pages, and 31% of sites attacked by spam chatbots.

4. Data center weaponization

In 2016, the data center became the weapon of choice for “malicious chatbots”, with 60.1% of malicious chatbot attacks coming from the cloud. Amazon AWS was the hottest ISP for the third year in a row, accounting for 16.37% of all malicious chatbot traffic, but four times as much as the next ISP. But why use a central data center instead of the traditional “zombie” computers that are part of a botnet and more typical of DDOS attacks?

The answer here is that it has never been easy to develop malicious chatbots with open source software, or publish them using a globally distributed network of cloud computing services. These data centers can ramp up chatbot attacks on the application layer faster and more efficiently, and methods like masking IP addresses have become very simple and important in chatbot deployments. This centralized approach is easier to manage when fraud and account theft activities are involved.

The Links:   3HAC13389-2   SRDA-SDB71A01A-E 

Published on 09/09/2022