1. Emulate Humans
Attackers design their bots to look and act like humans as much as possible in order to fly beneath the radar of bot detection systems.
2. Attack Mechanism
Open-source testing tools including Puppeteer, Playwright, and Selenium are used to automate scripts that mimic human behavior.
3. Helpful Plugins
Plugins are added to make attacks even stealthier and to autogenerate scripts without having to write code.
4. Attack Distribution
Attackers use residential proxy networks to hide amongst real users when applying their scripts.
5. Automated Attacks
Criminals launch malicious automation against websites to do their damage. Often in combination with stolen or purchased credentials to abuse account logins.
6. Lack of Visibility
Traditional security tools can’t identify/mitigate these attacks.
7. Outcome
Criminals monetize attacks and/or extract valuable data before most businesses are aware they’ve been attacked.