When Web Bots Attack

When web bots attack, what websites are the most likely to targets?  We discussed automated attacks against websites last month.  Here is some new information from Distil Networks about who the main targets have been in the recent past. If your business is included in the following list, you may want to ramp up the security posture of your website and web hosting account.

The industries targeted most frequently by bots are:

  • health care
  • gambling
  • airlines and travel sites
  • financial, insurance and real estate sites
  • ticket vendors
  • adult and dating sites
  • ecommerce sites

Malicious bots can:

  • scrape prices and content with your permission to be used on price aggregation sites
  • use scanning tools on  websites to look for unpatched known vulnerabilities to exploit
  • hijack websites for use in spam and phishing exploits
  • hijack websites to “rent” to other cybercriminals
  • steal user names and passwords
  • steal email addresses and other personally identifying information
  • flood a web site with spurious traffic and cause a denial of service
  • create fake and impostor accounts to steal services
  • credit card fraud activities
  • hold items in shopping carts to make inventory unavailable to real shoppers

Bot mitigation strategies include using a web application firewall, anti-DDoS, or similar service.  Another great tactic is to hack your own website.  That way you can find vulnerabilities and weaknesses that the attackers could also find and use to compromise your site.  In any event doing nothing is a good way to end up in the news as the latest victim of a breach.

Over the next two weeks we are going to go deeper into the whys and hows of web site security, and give our readers steps they can take to secure their website from attack and hijacking.

More information –


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.