What are botnets, and how does their architecture evolve based on the defense strategy protecting a website when faced with a persistent bot operator driven by an economic incentive?

Incentive vs. Botnet Sophistication

The evolution of defense strategies has pushed botnet operators to become much more advanced. Because of the continuous advancement of web security products, some less sophisticated botnet developers have given up along the way. New entrants, however, will always find their way into the bot game to pick up where others left off and advance their tools and methods.

Back in the days when bot activity was perceived as DDoS, a simple web application firewall with rate limiting, IP blocking, and a custom rule builder was all that was needed to protect a website against attacks. These simpler methods still help today to detect bot activity, but not for long. Bot operators and fraudsters, in general, are motivated by the revenue gained from the data collected. After all, data is the new gold when one knows how to exploit it. The higher the revenue potential, the more persistent and sophisticated the attack strategy. For example, scalpers can make huge returns on reselling limited-edition shoes. Data extraction companies make big revenue by scraping and selling data from the Internet to their customers. ATO can also be lucrative. ...