Vendor says new service will offer insights into bot security threats and remediation advice based on marketplace research and dark web chatter. Credit: Thinkstock Cybersecurity vendor Netacea has announced the launch of a new Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums and marketplaces. Earlier this year, the 2022 Imperva Bad Bot Report revealed an uptick in malicious bot activity driving online fraud and cyberattacks with bots becoming more sophisticated and better equipped to evade detection.Businesses take 16 weeks to respond to bot attacksIn a press release, Netacea stated that BLIS has been developed following requests from customers for actionable intelligence to help them tackle malicious bot activity more efficiently, adding that its own research discovered that businesses take an average of 16 weeks to respond to bot attacks. What’s more, most businesses do not understand what tools are effective against bots or who is behind bot attacks, Netacea said, warning that the end of the year is likely to see online retailers targeted with an increase in gift card bot campaigns.Netacea Principal Security Researcher Cyril Noel-Tagoe tells CSO, “Bots are used by cybercriminals to commit fraud, take over accounts, or steal sensitive data from businesses at scale. Our research revealed that bot attacks cost businesses around 3.2% of their online revenue. The FBI and ICO [the UK Information Commissioner’s Office] have also recently released warnings about credential stuffing, one of the attacks perpetrated using bots, with the latter calling it a significant and growing cyberthreat to personal information,” he adds. Depending on the selected tier, BLIS will offer customers annual, quarterly, or monthly threat reports identifying key bot threats, threat actors and tactics, techniques and procedures, and recommendations to reduce their threat exposure, Noel-Tagoe says. The new service is available as a stand-alone offering or to augment Natecea’s Bot Management solution, the vendor stated. Malicious bots becoming more sophisticated, impacting all industriesThe 2022 Imperva Bad Bot Report, published in May, discovered notable shifts in malicious bot activity last year. For example, “bad bot” traffic accounted for a record-setting 27.7% of all global website traffic in 2021, while bot-enabled attacks such as account takeover, scraping and scalping became more prevalent. There was also significant evidence of malicious bots being weaponized in relation to the Russia-Ukraine conflict, with Imperva witnessing a 145% spike in automated attacks targeting Ukrainian web applications between February 24 and March 1.The sophistication of malicious bots increased last year too, Imperva found, with “advanced” bad bots accounting for 25.9% of all bad bot traffic in 2021 compared to 16.7% in 2020. This was linked to changes in bot evasiveness, with “evasive bad bots” accounting for most of the bad bot traffic (65.6%), Imperva’s report stated. According to the firm, this breed of bots can evade common defenses via techniques such as cycling through random IPs, entering through anonymous proxies, changing their identities, mimicking human behavior, and delaying requests. Bad bots impacted all industries in 2021, Imperva added, citing mobile browsers like Mobile Safari and Mobile Chrome as the most common disguise option employed by malicious bots. Related content news NIST publishes new guides on AI risk for developers and CISOs Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals. By John Dunn May 01, 2024 4 mins Regulation Government Security Practices news analysis 5 key takeways from Verizon's 2024 Data Breach Investigations Report The rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data. By Rosalyn Page May 01, 2024 5 mins Data Breach Zero-day vulnerability Data and Information Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe