Massive botnet attack that generated 400 million requests stopped
Texas RE Announcement Encouraging Texas Interconnection Entities to Submit Reliability and Security Technical Committee (RSTC) Nominations
February 21, 2022Vulnerability found in WordPress plugin with over 3 million installations
February 21, 2022
Summary:
Security researchers claim to have stopped the largest bot attack they have ever seen, leveraging 400,000 compromised IP addresses to scrape web data. The large-scale botnet generated 400 million requests from the IP addresses over four days, comprising around 10 requests per IP per hour on average. Its mitigation service spotted the 30-fold surge in traffic volume to the impacted site and mitigated the attack. The victim in this case was a job listings site with a presence in six countries. The attack was designed to harvest job seekers’ profiles from the site. “Web scraping is considered by the OWASP Foundation as an automated threat (OAT-011), defined as collecting accessible data and/or processed output from the application. While web scraping treads a fine line between business intelligence and violating data privacy, it remains one of the most prominent automated attacks affecting organizations today. (Source: Info Security Group)
Additional Discussion:
Web Scraping is the use of automated software (also known as bots) to extract content and data from a website. It is considered by the OWASP Foundation as an automated threat (OAT-011), defined as collecting accessible data and/or processed output from the application. While Web Scraping treads a fine line between business intelligence and violating data privacy, it remains one of the most prominent automated attacks affecting organizations today. Scraping can result in lower conversion rates, skewed marketing analytics, decrease in SEO ranking, website latency, and even downtime (usually caused by aggressive scrapers).
Links
