Companies are increasingly moving to the cloud and exposing functionality through Application Programming Interfaces (APIs). Cybercriminals have been taking advantage of this newly exposed entry point, as new technologies often lack proper security.
With APIs becoming more commonly used in companies, cybercriminals have been using botnets to carry out malicious attacks on them. CSO Mag describes a botnet as a collection of internet-connected devices that an attacker has compromised. Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. They are common in Distributed Denial of Service (DDoS) attacks and can be used to easily send spam to the masses, steal credentials, or spy on people and organizations.
API bot attacks are, in particular, becoming a major issue for e-commerce businesses. Because these attacks are used to steal credentials and private information, they put a big target on the backs of e-commerce businesses. Specifically, these businesses are being hit by tactics such as price scraping, sneaker bots, grinch bots, and gift card stuffing. These tactics can be used to share pricing information with competitors, automate purchases, and find specific products online and purchase them. Research done by Imperva revealed that over 30% of traffic to e-commerce sites is bots, 18% of traffic to e-commerce sites comes from bad bots, and 24% of those bad bots are classified as sophisticated. With these attacks on the rise, it is ever more important for companies, especially those in e-commerce, to invest in bot and API security.
As of late, the situation is only getting worse. The Council to Secure the Digital Economy (CSDE) shared a report stating that a single botnet can include more than 30 million “zombie” endpoints and allow these cybercriminals to profit roughly six figures per month. This has a serious impact, as these DDoS attacks threaten health and research facilities as well as government services around the world, with the attackers using the circumstances of the pandemic for their personal gain. Botnets have been used on social media platforms to spread disinformation about the pandemic, threatening the global dialogue surrounding it, and to exploit the demand for information by incorporating phishing scams. They have also been used to specifically target vendors of face masks and hand sanitizer, as the pandemic caused an influx of customers that made these vendors a big target for botnet attacks.
A report by Radware states that APIs are the next big threat because they are used to process a variety of sensitive information, such as payment information, user credentials, social security information, etc., making API security the most critical area for companies to invest in during 2021. The report also mentions that 55% of organizations receive a DDoS attack on their APIs monthly, yet only 24% of organizations have a dedicated solution for bot management. For API security, F5 Labs recommends a few best practices to protect your APIs against hacking:
- Do not store information in APIs that are not meant to be shared
- Don’t expose more data than necessary
- Encrypt traffic using TLS
- Inventory and manage your APIs
- Use a strong authentication and authorization solution
To protect yourself against botnet attacks in general, Panda Security recommends the following tips:
- Keep your operating system up-to-date
- Don’t open files from unknown or suspicious sources
- Scan all downloads before running the downloaded files, or find different ways of transferring files
- Don’t click suspicious links
- Install an antivirus program