Chapter 3. Focusing on the Threat of Malicious Bots

Your security team is not the only one that is increasingly relying on ML, AI, and automation. Cybercriminals and nation-state actors all use automation and rudimentary machine learning to build out large-scale attack infrastructures. These infrastructures are often referred to colloquially as bots or botnets, reflecting the automated nature of the attacks. This chapter covers some of the different types of bots, how they work, and the dangers they pose to organizations.

Bots and Botnets

By some measures, bots make up more than half of all internet traffic and are the number one catalyst for attacks, ranging from botnets launching distributed denial of service (DDoS) attacks to malicious bot traffic that simulates human behavior to perpetrate online fraud, all at an exponentially expanding scale. Reports on a recent industry study analyzing more than 7.3 trillion bot requests per month reveal that in the last three months of 2017, the attacks made up more than 40% of malicious login attempts. The study also reports that attackers are looking to add enterprise systems as a part of their botnet by exploiting remote code execution vulnerabilities in enterprise-level software.1

The terms bot and botnet get thrown around a lot, but what do they really mean? There are a lot of different types of bots that perform different functions, but a malware bot is a piece of code that automates and amplifies the ability of an attacker to exploit ...
