Botnet Attacks on the Rise: Companies to Invest Heavily in API Security

  • By Josie Witaschek
  • on July 22, 2021

Companies have recently begun shifting to the cloud and exposing functionality through Application Programming Interfaces (APIs). Cybercriminals have been taking advantage of this newly exposed entry point, as new technologies often lack proper security.

With APIs becoming more commonly used in companies, cybercriminals have been using botnets to carry out malicious attacks on them. CSO Mag describes a botnet as a collection of internet-connected devices that an attacker has compromised; botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. They are common in Distributed Denial of Service (DDoS) attacks and can be used to send spam to the masses, steal credentials, or spy on people and organizations.

API bot attacks are becoming a major issue for e-commerce businesses in particular. Because these attacks are used to steal credentials and private information, they put a big target on the backs of e-commerce businesses. Specifically, these businesses are being hit by tactics such as price scraping, sneaker bots, grinch bots, and gift card stuffing. These tactics can be used to share pricing information with competitors, automate purchases, and find specific products online and purchase them. Research done by Imperva revealed that over 30% of traffic to e-commerce sites comes from bots and 18% comes from bad bots, with 24% of those bad bots being classified as sophisticated. With these attacks on the rise, it is ever more important for companies, especially those in e-commerce, to invest in bot and API security.
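As an added illustration of what bot detection on an e-commerce API can look like (this is not code from the original article or from any vendor it cites), the sketch below scans access-log lines for gift card stuffing and credential stuffing by looking for bursts of failed requests, first per client and then pooled per endpoint so that a botnet spreading its guesses across many addresses is still caught. The endpoint paths, failure status codes, thresholds and log lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical endpoints mapped to the status codes that mean "guess failed".
WATCHED = {"/api/login": {401}, "/api/giftcards/balance": {404}}

def build_sample_log():
    """Constructed log lines: 'ISO-time client method path status'."""
    t = "2021-07-22T10:00:{:02d}"
    # One client cycling through gift card numbers (gift card stuffing).
    lines = [f"{t.format(s)} 203.0.113.9 POST /api/giftcards/balance 404"
             for s in range(12)]
    # A botnet: 30 clients, one failed login each (credential stuffing).
    lines += [f"{t.format(20 + i)} 192.0.2.{i + 1} POST /api/login 401"
              for i in range(30)]
    # An ordinary customer.
    lines += [f"{t.format(5)} 198.51.100.20 POST /api/login 200",
              f"{t.format(30)} 198.51.100.20 POST /api/giftcards/balance 200",
              f"{t.format(31)} 198.51.100.20 GET /api/products 200"]
    return sorted(lines)  # ISO timestamps sort chronologically

def flag_stuffing(lines, by_client=True, window=timedelta(seconds=60),
                  min_requests=10, min_fail_ratio=0.8):
    """Return (client, path) keys whose requests inside one sliding window
    are numerous and mostly failures. With by_client=False all clients are
    pooled per endpoint (client shown as '*'), which catches a botnet that
    keeps every single address under the per-client threshold."""
    recent = defaultdict(deque)  # key -> deque of (timestamp, failed)
    flagged = set()
    for line in lines:
        ts, client, _method, path, status = line.split()
        if path not in WATCHED:
            continue
        ts = datetime.fromisoformat(ts)
        key = (client if by_client else "*", path)
        q = recent[key]
        q.append((ts, int(status) in WATCHED[path]))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        fails = sum(failed for _, failed in q)
        if len(q) >= min_requests and fails / len(q) >= min_fail_ratio:
            flagged.add(key)
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print(flag_stuffing(log))                                    # per client
    print(flag_stuffing(log, by_client=False, min_requests=25))  # per endpoint
```

The per-client pass misses the 30-address login burst entirely, which is why pooled, per-endpoint failure rates are worth tracking alongside per-client limits.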

As of late, the situation is only getting worse. The Council to Secure the Digital Economy (CSDE) shared a report stating that a single botnet can include more than 30 million “zombie” endpoints and allow cybercriminals to profit roughly six figures per month. This has a serious impact, as these DDoS attacks threaten health and research facilities as well as government services around the world, with attackers using the circumstances of the pandemic for their personal gain. Botnets have been used on social media platforms to spread disinformation about the pandemic, threatening the global dialogue surrounding it, and to exploit the demand for information with phishing scams. They have also been used to specifically target vendors of face masks and hand sanitizer, as the pandemic caused an influx of customers that made these vendors a big target for botnet attacks.

A report by Radware states that APIs are the next big threat because they are used to process a variety of sensitive information such as payment information, user credentials, social security information, etc., making API security the most critical area for companies to invest in in 2021. The report also mentions that 55% of organizations receive a DDoS attack on their APIs monthly, yet only 24% of organizations have a dedicated solution for bot management. For API security, F5 Labs recommends a few best practices to protect your APIs against hacking.

  • Do not store information that is not meant to be shared in APIs
  • Don’t expose more data than necessary
  • Encrypt traffic using TLS
  • Inventory and manage your APIs
  • Use a strong authentication and authorization solution

To protect yourself against botnet attacks in general, Panda Security offers some tips on how to avoid them.

  • Keep your operating system up-to-date
  • Don’t open files from unknown or suspicious sources
  • Scan all downloads before running the downloaded files, or find different ways of transferring files
  • Don’t click suspicious links
  • Install an antivirus program
