Cyberattacks that target your applications are on the rise. In particular, advanced malicious bots are now the No. 1 cause of application-based attacks leading to successful breaches and extortion attempts. In addition, two kinds of client-side attacks — API exploits and software supply-chain attacks — are surging.
At last September’s Secured.22 — Barracuda’s virtual customer conference — attendees had the opportunity to get a clear, detailed explanation of how these highly destructive attack modes work, and how to effectively defeat them, at a session presented by Barracuda’s head of application security, Nitzan Miron.
Like all the Secured.22 sessions, this one, entitled “How Cybercriminals and Malicious Bots Cause Data Breaches,” is available to be viewed online. If you’re responsible for protecting your organization’s data and money against cybercriminals, I urge you to take a half hour to watch the recording and get yourself educated about these trending threats.
Bad bot attacks
At the session, Nitzan begins by explaining in detail some of the various ways in which advanced bots are used to carry out attacks, including DDoS, shopping-cart fraud, and scraping. Perhaps most eye-opening, he lays out how the “bot supply chain” works. Turns out that it’s not a dark-web, underground enterprise, but rather a mature, legitimate market that openly advertises and delivers built-to-order bots that anyone can purchase and use to carry out attacks like these.
Nitzan goes on to discuss the factors that can make it very difficult to detect sophisticated, malicious bot activity. And he explains what it takes to overcome that difficulty, by using machine-learning systems that analyze hundreds of data points in real time — something that is simply not possible for a human analyst to do.
Client-side attacks
Bots have been around for a long time, and their increasing threat stems from innovations that make them much harder than before to distinguish from legitimate human users. In contrast, client-side attacks — including API exploits and software supply-chain attacks — are relatively new, because they appeared in response to advances in application-development processes.
Previously, online applications were designed to render data on the server side, so that only the finished page was sent to the client web browser to display to the user. This prevented both raw data and the basic building blocks of an app’s code from being exposed in transit to the browser.
Today, however, the widespread use of APIs means that the application lives in the browser, and raw data is sent to the client browser to be rendered there. This has created new categories of vulnerability that can give attackers access to your data, as well as to the building blocks of your apps — including third-party code modules that can be compromised in software supply-chain attacks.
Modern attacks require modern security
As with bot attacks, Nitzan provides a clear, detailed account of the steps needed to prevent both of these client-side attack modes from succeeding. And he concludes by walking us through the capabilities of Barracuda Cloud Application Protection, our full-featured solution for comprehensive application security.
It’s built on the proven technology of Barracuda WAF-as-a-Service, and it’s enhanced with advanced capabilities to detect and block malicious bots, ensure your APIs are fully protected, and prevent malicious code from compromising your apps via the supply chain.
Don’t leave your apps vulnerable to the latest, most advanced form of application-based cyberattack. Watch this highly informative and timely session to get the info you need to identify and eliminate your apps’ highest-risk vulnerabilities.