BLADE provides a standard approach to combatting malicious bot attacks across a broad range of industries.
Netacea, a bot detection and mitigation specialist, unveiled today the world’s first bot management framework. The Business Logic Attack Definition Framework (BLADE) sets the stage for shared understanding and knowledge among vendors, cybersecurity professionals and customers who proactively tackle an increasing number of malicious bot threats. Available as an open-source framework, BLADE is based on extensive input from businesses, industry influencers and Netacea’s own in-depth research into threat group activities and bot attack cycles.
“As MITRE Corporation have demonstrated with their ATT&CK matrices, having a framework to build a shared understanding of abuse of our systems can be a great enabler for defenders. As other retailers of limited-edition high demand “hype” products have also found, the use of bots poses a significant business challenge and having a structured means to develop and share understanding within the business and with partners is welcome,” said Simon Goldsmith, Team Lead for Information Security Strategy and Programmes at Adidas. “I believe contributors to the BLADE framework will see significant business benefits in sharing their knowledge. It proves a commitment to collaboration in solving an important problem, and we look forward to developing and further proving its value.”
Netacea discovered that bots comprise separate specialised automated processes that work as one to infiltrate businesses. These bots take a modular approach to attacks and are programmed to overcome any challenge, such as CAPTCHA.
Netacea was able to detail the six stages of a scalper bot attack in the BLADE framework:
- Resource Development (Pre-Attack) – Adversaries build or attain access to the infrastructure they will need in launching the attack (such as proxies to hide the actual source of the attack).
- Attack Preparation – Adversaries start preparing the attack by creating accounts and aggregating them under a single control point.
- Reconnaissance – Adversaries look for a specific item like a PS5 and the exact moment it becomes available.
- Defence Bypass – Adversaries might be challenged by defences, such as CAPTCHA, during any of the attack stages. This module design will kick in if this occurs, bypass the defence and hand control back to the bot module managing reconnaissance.
- Attack Execution – When the item is identified as available, the bot will automatically execute the attack by purchasing the item.
- Post Attack – After the product is purchased, adversaries will seek to bring it into their position while bypassing any restrictions on one item per customer or address.
Once the attack stages for a scalper bot attack were confirmed, Netacea analysed the tactics, techniques and processes of other types of bot attacks and captured all automated bot threats and their lifecycles in a series of comprehensive kill chains.
“The threat landscape has been shrouded in ambiguity and misinformation for too long, and bot actors have taken advantage of it to cause significant damage which costs businesses globally,” said Matthew Gracey-McMinn, Head of Threat Research at Netacea. “Taking inspiration from the MITRE ATT&CK Framework, our ambition with BLADE is to silence the noise in the industry, provide security operation teams with a level of understanding and knowledge that has not yet been available, and empower those teams to detect and mitigate malicious bot attacks. Our goal? Help stop bots in their tracks – no matter who is doing the stopping.”
Netacea’s research also uncovered that many organisations behind bots operate professionally, with consultants, help desks and highly specialised infrastructure providers accessible through covert forums. This has contributed to the easy availability of bots by bad actors from all walks of life.
Gracey-McMinn said as bot attacks grow in volume and sophistication, bot defence systems must mature and develop to combat the evolving threat. “Our latest survey, which will soon become available, found that on average it takes businesses three months to detect that a bot attack has occurred. This is in part due to the lack of a unified approach and shared language in the bot community and a lack of understanding around the methods and motivations behind bot attacks. The absence of methodology and framework has left the door open for threat actors to continually exploit businesses in a way that leads to reputational damage, lost revenue and skewed website analytics,” he said.
- Biometric authentication: the good, the bad and the ugly
- You’ve had a breach – how do you successfully roll out an emergency patch?
- How to successfully reopen your office in a post-Covid-19 world
- Common migration pitfalls and how to avoid them
Netacea, a bot detection and mitigation platform, takes a smarter approach to bot management and is a recognised leader for its innovative use of threat intelligence and machine learning. Netacea’s Intent Analytics™ engine analyses web and API logs in near real-time to identify and mitigate bot threats. This unique approach provides businesses with transparent, actionable threat intelligence that empowers them to make informed decisions about their traffic.
For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!