Anyone Can Launch a Bot Attack in 2024

Netacea is a noted vendor in a new Forrester report, The Bot Management Software Landscape, Q1 2024. The report provides important independent research into the evolution of automated attacks threatening businesses in the coming year, and how bot management solutions are positioned to defend against them.

The main trend cited in the report is that now, anyone can launch a sophisticated bot attack. The barrier to entry, both in terms of skills and cost, has dropped so that even regular consumers can access malicious automation – making it vital for bot protection solutions to adapt quickly to changing attack strategies.

This echoes the findings in Netacea’s recent report, “How are Bots Changing Buyer Behavior?” Our major survey of American consumers revealed that:

• 17% of US consumers admit to using a bot to purchase items online in the last year.
• 25–36-year-olds were the age group most likely to use bots, with 27.1% having done so.
• Only 2% of Americans said they would never use a bot to illegally scalp tickets.

Find out more about public awareness of bot attacks and how consumers are responding in the full report: “How are Bots Changing Buyer Behavior?”

Who uses bots and why?

Whether as skilled individuals or as part of organized gangs, criminals have long been launching financially driven bot attacks, including credential cracking, account takeover, identity theft, automated carding fraud, and scalping.

While all these attacks affect both businesses and their customers to some degree, consumers are particularly frustrated by scalper bots; these have a significant advantage over humans when it comes to making purchases before items sell out. Losing out to bots means paying over the odds to scalpers on secondary markets or not getting the item at all.

How can consumers access bots?

Until recently, sophisticated bots were firmly out of reach for average consumers. There were three ways to get access to malicious bots, which were either hard, risky or expensive:

• Program a bot yourself (hard)
• Join a criminal group with access to bots (risky)
• Buy a bot outright (expensive)

To program a bot yourself requires specialist coding and network skills, especially as defenses have advanced and the bots themselves have become more complex in response.

Accessing criminal communities that operate bots is also difficult and risky, as you could easily be scammed or get on the wrong side of the law.

Alternatively, you could buy a bot, however this is very expensive. Our threat research team has seen bots sell for thousands of dollars, which is justified by the amount of money they generate via illegal activities like card cracking and ticket scalping.

Renting a bot-as-a-service

But in recent years, the bot landscape has shifted to a “bot-as-a-service” model. Bot developers have caught on to the demand for bots and are now running professional, “legitimate” businesses renting bots out to everyday consumers for a few dollars a day. The service includes all the infrastructure customers need to run the bot, as well as 24/7 multilingual support, the latest updates, and patches to bypass defenses.

Almost any kind of automated attack is now easily accessible within this ecosystem. It might start out as one person wanting to secure a specific pair of shoes for their own collection, but this can easily become a side hustle, and a gateway to clearly illegal activities like credential stuffing using rented bots.

Using all kinds of bots is now cheap, safe and easy, with almost no upfront investment, technical knowledge or insider access to shady gangs needed.

These bots aren't hard to find. According to "How are Bots Changing Buyer Behavior?", 68.4% of consumers find bots to rent or use via social media, while 44.8% have found them using search engine queries.

Websites renting out scalper bots are easy to find online.

What does this mean for businesses?

This commoditization of bots has put pressure on developers to make their bots as effective as possible, so their subscription fees keep rolling in. This means working diligently on anti-bot bypass modules to ensure their bots work as advertised.

As a result, businesses need to partner with a bot management vendor that will work continuously to improve defenses and adapt to evolving attacks. Netacea achieves this in several ways:

• Tailored machine learning models: Our bot detection AI adapts to changing visitor behavior and identifies new bot threats for each individual customer we protect.
• Bot expertise on-hand: Our data analysts examine and help you understand developing bot trends, working with our data scientists to create new detection models.
• Threat research embedded: We monitor activity and chatter within bot attacker communities and use this intelligence to enrich our detection technology, mitigating attacks before they even happen.

Stay ahead of the ever-evolving bot threat landscape by trying Netacea Bot Management. Book your demo today.