When Web Bots Attack

When web bots attack, what websites are the most likely to targets?  We discussed automated attacks against websites last month.  Here is some new information from Distil Networks about who the main targets have been in the recent past. If your business is included in the following list, you may want to ramp up the security posture of your website and web hosting account.

The industries targeted most frequently by bots are:

  • health care
  • gambling
  • airlines and travel sites
  • financial, insurance and real estate sites
  • ticket vendors
  • adult and dating sites
  • ecommerce sites

Malicious bots can:

  • scrape prices and content with your permission to be used on price aggregation sites
  • use scanning tools on  websites to look for unpatched known vulnerabilities to exploit
  • hijack websites for use in spam and phishing exploits
  • hijack websites to “rent” to other cybercriminals
  • steal user names and passwords
  • steal email addresses and other personally identifying information
  • flood a web site with spurious traffic and cause a denial of service
  • create fake and impostor accounts to steal services
  • credit card fraud activities
  • hold items in shopping carts to make inventory unavailable to real shoppers

Bot mitigation strategies include using a web application firewall, anti-DDoS, or similar service.  Another great tactic is to hack your own website.  That way you can find vulnerabilities and weaknesses that the attackers could also find and use to compromise your site.  In any event doing nothing is a good way to end up in the news as the latest victim of a breach.

Over the next two weeks we are going to go deeper into the whys and hows of web site security, and give our readers steps they can take to secure their website from attack and hijacking.

More information –


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.