When Web Bots Attack

When web bots attack, what websites are the most likely to targets?  We discussed automated attacks against websites last month.  Here is some new information from Distil Networks about who the main targets have been in the recent past. If your business is included in the following list, you may want to ramp up the security posture of your website and web hosting account.

The industries targeted most frequently by bots are:

  • health care
  • gambling
  • airlines and travel sites
  • financial, insurance and real estate sites
  • ticket vendors
  • adult and dating sites
  • ecommerce sites

Malicious bots can:

  • scrape prices and content with your permission to be used on price aggregation sites
  • use scanning tools on  websites to look for unpatched known vulnerabilities to exploit
  • hijack websites for use in spam and phishing exploits
  • hijack websites to “rent” to other cybercriminals
  • steal user names and passwords
  • steal email addresses and other personally identifying information
  • flood a web site with spurious traffic and cause a denial of service
  • create fake and impostor accounts to steal services
  • credit card fraud activities
  • hold items in shopping carts to make inventory unavailable to real shoppers

Bot mitigation strategies include using a web application firewall, anti-DDoS, or similar service.  Another great tactic is to hack your own website.  That way you can find vulnerabilities and weaknesses that the attackers could also find and use to compromise your site.  In any event doing nothing is a good way to end up in the news as the latest victim of a breach.

Over the next two weeks we are going to go deeper into the whys and hows of web site security, and give our readers steps they can take to secure their website from attack and hijacking.

More information –

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.