Experts talked about a new pattern of attacks on applications

Expert Tarasov: an attack with an unusual scenario occurred on the airline's app
Photo: RIA Novosti/Alexey Malgavko

A bot attack with an unusual execution scenario took place from March 13 to March 19 against the application of one of the major Russian airlines. More than 2.5 thousand individual bots requested flight searches and ticket prices for popular destinations using both home IP addresses and proxies from Russia, the United States, Singapore, Germany and Canada. The intensity of bot requests was quite low: no more than 60 per second from the entire botnet. Georgy Tarasov, Curator.CDN product manager, told Izvestia about this.

"The technical feature of this bot attack was that its authors did not direct traffic directly to the main host of the airline's resource, but to the domain used to send static content — images, videos, JS and CSS files. This domain is served by the Curator.CDN network, which caches content and transmits it from its servers in most major Russian cities," he said.

The attackers were counting on CDN nodes being on the trusted access lists of the customer's servers, so that requests relayed through the CDN network would be processed without additional checks for DDoS or bot activity.
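The trust assumption described above, shown next to a stricter origin-side policy, as an added example that is not from the article or from Curator.CDN. The CDN range, host names, paths, the static-suffix list and the use of an `X-Forwarded-For` header are assumptions made for illustration.

```python
import ipaddress

# Constructed values: documentation IP ranges and a hypothetical host name.
CDN_NODES = [ipaddress.ip_network("198.51.100.0/24")]
STATIC_HOST = "static.airline.example"
STATIC_SUFFIXES = (".js", ".css", ".png", ".jpg", ".webp", ".mp4", ".woff2")

def from_cdn(ip):
    """True if the address belongs to an allowlisted CDN node."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in CDN_NODES)

def weak_policy(peer_ip, host, path, xff):
    """The assumption the article describes: CDN peer means no bot checks."""
    return "allow" if from_cdn(peer_ip) else "bot_check"

def real_client(peer_ip, xff):
    """Client address to key bot checks on.

    The forwarded header is believed only when the TCP peer is a CDN node;
    it is read right to left, skipping hops that are themselves CDN nodes.
    """
    if not from_cdn(peer_ip):
        return peer_ip  # header is client-controlled on direct connections
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not from_cdn(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to the peer address
    return peer_ip

def hardened_policy(peer_ip, host, path, xff):
    """CDN membership identifies the relay; it never exempts the request."""
    client = real_client(peer_ip, xff)
    if host == STATIC_HOST:
        # The static-content domain serves static assets and nothing else.
        is_static = path.split("?", 1)[0].lower().endswith(STATIC_SUFFIXES)
        return ("allow" if is_static else "reject", client)
    return ("bot_check", client)
```
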

"The more massively online businesses use CDNs and at the same time DDoS and bot protection on their websites and mobile applications, the more opportunities there are for such an attack, and the higher its popularity will be. If the pages of a website or the API of an application cannot be directly accessed by a bot due to countermeasures, then there is motivation to look for and try such workarounds. I believe the popularity will grow, but this vector will not become the most widespread among bot attacks," he said.

The websites of airlines and ticket sales services are attacked quite often, confirmed Mikhail Khlebunov, Director of Servicepipe products. There has been a surge since 2022, with air transportation market participants periodically encountering network DDoS attacks, application-level attacks and advanced bots. For such players the availability of services is critical, so most often they are well protected and use more than one service provider to protect against DDoS attacks and advanced bots.

"It is not surprising that when conducting bot attacks on industry players, bots use non-standard approaches, among other things. For example, when malicious automation mimics not people buying airline tickets, but requests from CDN nodes. This is, in fact, a natural development of attacks: the more businesses use CDNs, the higher the likelihood of bot attacks simulating CDN node requests," the expert concluded.

Earlier, on February 21, it was reported that the average duration of a cyberattack on Russian companies in 2024 was 51 minutes, which is 21% less than in 2023, according to data from Informzashita. Experts attribute this negative trend to the proliferation of stealers, the development of hacker service platforms, and the use of artificial intelligence by attackers.

Translated by Yandex Translate