Threat Intelligence

Battling Bots Brings Big-Budget Blow to Businesses

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

A new report carries the unsurprising news that battling botnet attacks is a way of life for modern business security teams — a way of life that carries heavy costs in both technology and personnel.

"The Critical Need to Deal with Bot Attacks," published by Osterman Research, surveyed more than 200 large organizations with a mean employee count of just over 16,000. All had externally facing Web applications with login pages and were actively working to prevent, detect, and remediate attacks against those applications.

According to the report, the average company surveyed suffers 530 botnet attacks each day, though some organizations see thousands of attacks each day, with some attacks probing millions of potential victim accounts every hour.

The numbers in the Osterman Research report broadly mirror those seen in other security reports issued in 2018. One example is Akamai's "Summer 2018 State of the Internet/Security: Web Attacks Report," which noted that many botnets follow a "low and slow" tactic of probing accounts in at attempt to remain undetected by automated systems, while others floor victims with probes in a strategy of overwhelming defenses and retrieving valued information.

In the face of recent attacks, such as that against Starwood/Marriott, in which the attack's "dwell time" inside the database was roughly four years, the average time to detect a botnet attack reported in the Osterman Research survey — 48 hours — may seem remarkably fast. Add in another 48 hours for remediation, and first attack to remediation is four days. In a public-facing Web application, though, that can mean four days of data exfiltration or four days of reduced application access due to a denial-of-service attack, depending on the nature of the botnet.

And keeping the response time as short as it is requires an organization to devote expensive, precarious resources to the battle. According to Osterman Research, most organizations — three in five — have no more than two staff members devoted to a botnet response, while only one in five devotes four or more staff members to the fight.

Each of those staff members is expensive, with the fully burdened cost of a bot-fighting security specialist averaging more than $141,000 each year. Each of those staff members is kept busy working with multiple pieces of equipment, as 91% report using a Web application firewall, 49% an IPS/IDS, 40% a SIEM, and lower percentages other technology in combination to combat Web attacks.

According to the report, the average organization now has 482 potential applications vulnerable to bot attacks and spends an average of 2,600 person-hours per year managing the threat. In the report's final section, on dealing with the threat, the No. 1 recommended activity is for an organization to understand the full cost of responding to bot-based threats to Web security so that appropriate steps can be taken to battle the automated attackers.

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18913
PUBLISHED: 2019-03-21
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location with...
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.