Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecurityCybersecurity News

The role of bots in API attacks

By Bret Settle
bots-freepik1170x658.jpg

Image via Freepik

October 28, 2022

Bots are playing an increasingly prominent role in cyberattacks. For instance, cyberattackers recently used bots to steal patient pharmacy accounts and resell prescriptions.; and, the “Grinch bots” were used during the holidays last year to purchase popular items en masse, only for organizations to resell them at a huge markup on the black market. 


Bot use doesn’t stop with stolen logins and prescriptions, however. As the war in Ukraine continues on both the physical battlefield and cyberspace, Ukrainian cyber police uncovered and shut down a 1,000,000-bot farm. Many of these bots were used to peddle Russian disinformation and propaganda on social media. This comes on the heels of a Federal Bureau of Investigation (FBI) operation earlier this year that disrupted another Russian botnet that distributed the Cyclops Blink malware.


While these attacks underscore the range of bots being used for malicious purposes, they also highlight their popularity as a tool for both state-sponsored groups and cybercriminals alike. Bots aren’t going to go away anytime soon, so it is imperative that we fully understand what bots are and how they are used to better mitigate the threat that they pose. 


Bot 101, or rather, 01100010 01101111 01110100 

A “bot” is really just a robot, but not like the ones you may see in a science fiction movie. At a foundational level, a bot is a program that can send HTTP traffic to a system from an IP address. A botnet is a network of bots that can leverage several IP addresses. 


Defending against bots is challenging because they can be difficult to detect. Further,  you can’t possibly be expected to block all IP addresses because this would seriously degrade your enterprise’s ability to operate - imagine what blocking all online traffic would do for a retail store’s bottom line. This is why, historically, bots have been used to overwhelm defenses for distributed denial of service (DDoS) attacks. For example, the Mantis botnet was responsible for one of the largest DDoS attacks in history, with 26 million requests per second. 


How bots can be used to attack APIs

While any instance of bots being used in cyberattacks is a cause for concern, bots have been used more often in API attacks. One of the main reasons for this is that APIs are built for multiple clients, so they are more likely to expose too much information and be left unsecured. 


Botnets enable threat actors to automate many of their processes and tactics when attacking APIs. For instance, bots can improve discovery for threat actors looking to probe for weak spots in your defenses. They can map web apps, identify vulnerabilities while remaining under the detection threshold, and avoid triggering tripwires in defenses. A good way to think about this is if they know that three failed login attempts in a credential stuffing attack result in one of their IP addresses getting blocked, then they’ll make two failed login attempts and move on to the next IP address. 


Threat actors also use bots as a distraction. In this instance, botnets trigger hundreds, or thousands, of alerts that security teams need to follow up on. This allows threat actors to obscure their true intentions, like enumerating IDs, while security teams are tied up in investigations.  


Additionally, the more bots a threat actor has, the faster they can move while conducting their operations. What all this comes down to is that threat actors may throw a bunch of bots at an API endpoint, hoping that there is no authentication and they can bring back a bunch of data. 


Protecting your APIs from bots

When it comes to protecting your APIs from bots, remember that threat actors often want to follow the path of least resistance and want to automate their hacking capabilities. When designing a strategy to defend APIs, security teams and developers should make it too painful and expensive for threat actors to keep attacking, knowing that they do not want their stolen IP addresses to be blocked, as that will cost both time and money. So, every time an IP address that threat actors paid for is permanently blocked, they have one less IP address to use for bot attacks. Bonus points for sharing that blocked IP address across customers, which further constrains the use of that specific IP address.


Consider it this way: in the gaming community, it’s a commonplace for some gamers to try and cheat by abusing inherent game mechanics, allowing them to gain an advantage. Ultimately, some developers have decided to build defenses that would make the time spent trying to cheat or break the game more than the time spent enjoying the game. This changes the calculus for someone deciding how to spend their time.


Bots aren’t going away anytime soon. In fact, we can expect that their use will only continue to increase. Understanding how bots are attacking APIs is a great way to begin working to mitigate the threat. 

KEYWORDS: API security bots cyber security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bret Settle is co-Founder and Chief Strategy Officer at ThreatX.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Cyber Liability Insurance: Moving from Insurance to Assurance; cyber security news

    How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

    See More
  • Drones: A Security Tool, Threat and Challenge - Security Magazine

    The role of drones in bolstering the operational efficiency of today’s security measures

    See More
  • The Role of Universities in Preparing the Next Generation of Security Professionals

    See More

Related Products

See More Products
  • The Database Hacker's Handboo

  • Risk Analysis and the Security Survey, 4th Edition

See More Products

Events

View AllSubmit An Event
  • June 3, 2026

    The Role of AI and Video in Measuring Health, Safety, and Security Standards

    ON DEMAND: OSHA fines grab headlines, but most compliance issues start with everyday operational gaps: missed protocols, unsecured areas, or slow response. Learn how emerging technologies & AI can be leveraged towards more proactive compliance.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing