"Researchers Block "Largest Ever" Bot Attack"

Security researchers at Imperva claim to have stopped the largest bot attack they’ve ever seen, leveraging 400,000 compromised IP addresses to scrape web data.  The researchers stated that the large-scale botnet generated 400 million requests from the IP addresses over four days, comprising around 10 requests per IP per hour on average.  The researchers spotted the 30-fold surge in traffic volume to the impacted site and mitigated the attack.  The victim was a job listings site with a presence in six countries.  The attack was designed to harvest job seekers’ profiles from the site.  The researchers noted that the OWASP Foundation considers web scraping as an automated threat (OAT-011), defined as collecting accessible data and/or processed output from the application.  The researchers warned that while web scraping treads a fine line between business intelligence and violating data privacy, it remains one of the most prominent automated attacks affecting organizations today.  Scraping can result in lower conversion rates, skewed marketing analytics, a decrease in SEO ranking, website latency, and even downtime (usually caused by aggressive scrapers).
 

Infosecurity reports: "Researchers Block "Largest Ever" Bot Attack"