Defending against evolving bad bots

Thursday 28 November, 11:05 am - 11:45 am

Speakers

Adam Cassar
Co-Founder
Peakhour

Daniel D'Alessandro
Director of Performance
Peakhour.io

Synopsis

Our digital world is evolving fast. So too are the methods used by attackers. This talk looks at the latest threats from sophisticated bots and how to defend against them effectively. We cover recent changes in bot technology, advanced techniques for spoofing, and strategies for spotting and stopping these threats.

Attackers have greatly improved the capabilities of bots, using tools that mimic human interactions almost perfectly. This presentation explores these new technologies and their impact on website security.

Advancing Bot Technology:

Shift from simple bots to advanced tools like headless Chrome, which closely imitates human actions.

Developments in technologies like Selenium driverless that help bots avoid traditional detection methods.

Advanced Spoofing Techniques:

Use of sophisticated libraries that allow bots to disguise their digital fingerprints, making them appear as legitimate users.

Tools like Noble TLS that help attackers create believable identities to bypass standard security measures.

Behavioural Mimicry:

Attackers now use libraries that simulate human-like mouse movements, making it hard for simple analysis tools to spot them.

Residential Proxies:

Use of services like Bright Data to send bot traffic through real residential IP addresses, which makes it tough to detect and block them based on IP analysis alone.

Bot-as-a-Service:

The rise of services that provide sophisticated bot capabilities through APIs, making it easy for even novice attackers to carry out complex attacks.

Traditional CAPTCHAs Losing Effectiveness:

Advances in AI have made it possible for bots to solve CAPTCHAs quickly, using technology that recognises images and sounds.

Credential Stuffing and Automated Attacks:

Tools like OpenBullet 2 streamline the process of using stolen credentials, complete with features that easily bypass CAPTCHAs.

Mitigation Strategies:

Essential to implement multi-factor authentication, detect disposable emails, and use phone verification to block some attacks.

Vital to use advanced bot detection tools like DataDome, which rely on real-time behaviour analysis, detailed fingerprinting, and proxy detection.

Conclusion:

Our talk stresses the need for a multi-layered approach to security and the use of the latest tools to protect against sophisticated bots. By keeping ahead of these developments, websites can better defend against these growing threats.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
