the growing use of ai - sita.aero · •organised crime want to steal air miles ... this is why...
TRANSCRIPT
2018 THE YEAR BOTS WENT MAINSTREAM
This was the year that bots went mainstream. Today, it would be difficult for anyone to
claim ignorance of the term bots after such a tumultuous twelve months. No longer
are bots the preserve of cyber security experts. Instead, even the FBI is investigating
their use into influencing the results of the last US presidential election.
The reality is that bad bots account for more than one-fifth of all internet traffic. And
most of it isn’t targeting political elections, exploiting social media platforms, or buying
concert tickets. Rather, the majority of bad bots are doing something else—damaging
the economy and hurting businesses all over the world.
| Growing use of AI | Confidential | © SITA 20182
WHAT BAD BOTS DO
Left unaddressed, bad bots cause very real business problems that could harm the
success— or even the continuance—of your organization. Examining the problems
doesn’t require deep knowledge of the technology behind attacks or the techniques
used to prevent them. Instead it requires a solid understanding of your business.
• Every business with an online presence is regularly bombarded by bad bots on its
website, APIs, or mobile apps.
• Unchecked bad bots cost businesses money every day. Different from the problem
of data breaches, which are somewhat rare, automation abuse happens 24 × 7 ×
365 because bad bots never sleep.
• Bad bots are on your website for a purpose. Understanding what that purpose is
helps you address the problem
| Growing use of AI | Confidential | © SITA 20183
BAD BOT REPORT
• The 2018 Bad Bot Report investigates the daily attacks sneaking past sensors and
wreaking havoc on websites. It’s based on 2017 data collected from Distil Networks’
global network, and includes hundreds of billions of bad bot requests, anonymized
over thousands of domains.
• Bad bots interact with applications in the same way a legitimate user would, making
them harder to detect.
| Growing use of AI | Confidential | © SITA 20184
2018 BAD BOT REPORT
Among travel companies, airlines are
most affected by bad bot attacks.
Airlines rank second only to gambling
sites as targets of bad bot actors
among all industries—43.9% of airline
website traffic is bad bot traffic.
Airlines rank third among the targets of
sophisticated bad bots, with 19.7% of
traffic coming from this category of
actors. Travel sites rank fourth, with
19.1% of their traffic coming from
sophisticated bad bots.
| Growing use of AI | Confidential | © SITA 20185
2018 BAD BOT REPORT
Defining the threat level
Distil Networks has created an industry-standard classification of bots by threat level,
which breaks these down into four distinct categories of threat.
• Simple – Connecting from a single, ISP-assigned IP address, this type connects to
sites using automated scripts, not browsers, and doesn’t masquerade as being a
browser.
• Moderate – More complex, this type uses “headless browser” software that
simulates browser technology—including the ability to execute JavaScript.
• Sophisticated – These bad bots mimic human behaviour and are the most evasive.
They can produce mouse movements and clicks that fool even sophisticated
detection methods. They use browser automation software, or malware installed
within real browsers, to connect to sites.
| Growing use of AI | Confidential | © SITA 20186
2018 BAD BOT REPORT
Airlines had an Advanced persistent bots
(APBs) Problem –These combine
moderate and sophisticated technologies
and methods to evade detection while
maintaining persistency on targeted sites.
They tend to cycle through random IP
addresses, enter through anonymous
proxies and peer-to-peer networks, and are
able to change their user agents.
Of the bad bots that work by impersonating
real visitors on browsers, 72.4% mask
themselves as using Chrome and Firefox.
| Growing use of AI | Confidential | © SITA 20187
BAD BOTS FLY ON AIRLINES
• Airline prices are scraped not only by direct competitors, but also by third-party
players in the expansive travel ecosystem.
• Unauthorized online travel agencies (OTAs), competitors, price aggregators, and
metasearch sites use sophisticated scraping bots to abuse the business logic of
booking engines. Querying for any ticket they can sell, they skew look-to-book
ratios, increase GDS transaction costs, and are responsible for site slowdowns and
downtime—causing customer dissatisfaction during disruptions. They dynamically
package seat inventory with other products, stealing direct and ancillary revenue.
And, they insert their own email addresses into reservations, thereby taking control
of remarketing opportunities.
• In addition, airlines suffer from account takeover issues as bad bot operators
attempt to get into user accounts and empty them of air miles balances
| Growing use of AI | Confidential | © SITA 20188
Fraud - Customer Data & Loyalty Rewards Points
● Account takeovers access loyalty programs
● Stolen rewards points used to purchase goods
or converted to cash
● Brand damage
● Increased chargebacks
● Increased customer support costs
Slowdowns and Downtime of IBE Web Portal
● Aggressive scraping puts strain on
infrastructure
● Poor customer experience
● Brand damage and customer churn
● Lower conversion rates and revenue loss
Content and Price Scraping
● Prices and flight details
● Spinning and hoarding of seats
● Revenue loss to competitors
● Stealing customers with your content
● Content theft leads to negative SEO
Look Higher Look-to-To-Book Ratios &
Higher GDS Fees
● Bots conduct costly searches causing
increased GDS fees
● Competitors avoid GDS fees by
scraping your site
● Your look-to-book ratio crumbles
worsening reputation with GDS partners
BAD BOT IMPACT TO AIRLINES
| Growing use of AI | Confidential | © SITA 20189
WHO TARGETS BOTS AT AIRLINES
• OTAs - Will want to find out what airlines are charging, compared with the prices
they charge them.
• OTAs - May want to book directly using airlines website. Avoid entering into a
commercial relationship. This means they can defect serious money their way by
‘stealing’ an airline’s ancillary revenue from car hire or hotels.
• Competitive airlines may want to adjust the price they are selling tickets based on
availability of other airline services and the price they are charging.
• Organised crime want to steal air miles - using ATO credential stuffing attacks
| Growing use of AI | Confidential | © SITA 201810
THE PROBLEM IS GETTING WORSE
• Bad Bots Are Up From Last Year
• In 2017, 42.2% of all internet traffic
wasn’t human, and there were
significant year-over-year increases
in both bad bot (+9.5%) and good
bot (+8.8%) traffic.
| Growing use of AI | Confidential | © SITA 201811
THE PROBLEM IS GETTING WORSE
• CAPTCHA on websites also a problem due to accessibility rules for airlines (US
DOT Accessibility Requirements)
• Bot issues on airline booking engine and login definitely lead to all of the slowdown,
increased infrastructure costs and general technical pain.
• In Asia this problem seems worse. Distil has protected airlines who have 98% bad
bot traffic.
• This issue alone - saving potentially 98% of CPU cycles - is a very compelling case
to control bot traffic.
| Growing use of AI | Confidential | © SITA 201812
THE PROBLEM IS GETTING WORSE
Frequency of Account Takeover Attacks
• Every time there is a breach and credentials are made readily available, any
business with a login page should get ready for a rise in volumetric credential
stuffing attacks.
• Here, bot operators make two assumptions. The first is that people reuse their
credentials on many websites. The second is that newly stolen credentials are more
likely to still be active. This is why businesses should anticipate bad bots running
those credentials against their website after every breach.
• With the increase in breaches and the billions of available stolen credentials, the rise
of account and credential fraud activity by bot operators has been startling.
| Growing use of AI | Confidential | © SITA 201813
THE PROBLEM IS GETTING WORSE
Frequency of Account Takeover Attacks
• The typical website sees account takeover attacks happen on average 2-3 times per
month. But immediately following a breach, the increase in the number of account
takeover attacks is 3 times the norm.
• For airlines loyalty there is a huge incentive for organised crime.
• Personnel details for high net worth individuals can be extracted
• Stolen rewards points used to purchase goods, first class tickets or converted to
cash and sold and traded on the dark web.
| Growing use of AI | Confidential | © SITA 201814
RECOMMENDATIONS
1. BLOCK OR CAPTCHA OUTDATED USER AGENTS/BROWSERS:
The default configurations for many tools and scripts contain user-agent string
lists that are largely outdated. This step won’t stop the more advanced attackers,
but it might catch and discourage some.
2. BLOCK OR CAPTCHA Data Centre Traffic
| Growing use of AI | Confidential | © SITA 201815
RECOMMENDATIONS
3. PROTECT EVERY BAD BOT ACCESS POINTBe sure to protect exposed APIs and mobile apps—not just your website
4. CAREFULLY EVALUATE TRAFFIC SOURCESMonitor traffic sources carefully. Do any have high bounce rates? Do you see lower conversion rates from certain traffic sources? These can be signs of bot traffic.
5. INVESTIGATE TRAFFIC SPIKESTraffic spikes appear to be a great win for your business. But can you find a clear, specific source for the spike? One that is unexplained can be a sign of bad bot activity.
6. MONITOR FOR FAILED LOGIN ATTEMPTSDefine your failed login attempt baseline, then monitor for anomalies or spikes. Set up alerts so you’re automatically notified if any occur. Advanced “low and slow” attacks don’t trigger user or session-level alerts, so be sure to set global thresholds.
| Growing use of AI | Confidential | © SITA 201816
RECOMMENDATIONS
7. PAY CLOSE ATTENTION TO PUBLIC DATA BREACHESNewly stolen credentials are more likely to still be active. When large breaches occur anywhere, expect bad bots to run those credentials against your site withincreased frequency.
8. EVALUATE A BOT MITIGATION SOLUTIONThe bot problem is an arms race. Bad actors are working hard every day to attack websites across the globe. The tools used constantly evolve, traffic patterns and sources shift, and advanced bots can even mimic human behaviour. Hackers using bots to target your site are distributed around the world, and their incentives are high. In early bot attack days you could protect your site with a few tweaks; this 2018 bad report shows that those days are long gone. Today it’s almost impossible to keep up with all of the threats on your own.
| Growing use of AI | Confidential | © SITA 201817
AIRLINE BOT MITIGATION
“It is a constant arms race. I don’t think that there will be one solution that will
be able to solve all of these problems. With continued effort, not only in
building better solutions but also helped by legislation and policy, I think we
can get to the point where we can keep these attacks at bay. What we try to
do with our individual customers is that the more friction that you introduce,
the more cost it is for an attacker. The more costly it is to them, they have to
do a cost-benefit analysis.”
Anna Westelius – Senior Director of Security Research – Distil
Networks.
| Growing use of AI | Confidential | © SITA 201818