For decades, moviegoers have sat on fold-down seats in crowded theatres to watch robots invading the world. Robots play the role of villain, sidekick, and even the hero. The Star Wars duo R2D2 and C-3PO are cultural icons of faithful friendship, while the Terminator only confirms our fears that robots will one day turn on us.

As technology advances, we see robots more and more in our daily lives, harkening both the thrill and fear that was previously felt only in movie theatres.

Just as robots play the hero in film, they can certainly play the hero in real life as well. iovation’s SureScore provides machine learning intelligence to identify behavior associated with fraud and significantly reduce the need for manual reviews. A true hero, indeed.

But that is a story for a different day. Our focus today is on a more villainous robot, perhaps one of the most despicable robots of the modern era.

Insidious Botnets

A botnet is not a single robot, but a group of internet-connected devices that have been compromised, usually without the knowledge of the unsuspecting user.


Using multiple command and control computers, the botnet exploits vulnerable computers connected to the internet and spreads malware from one device to another. These computers, now a part of the larger botnet, can then be used to overwhelm commercial targets with massive attacks of distributed denial of services (DDoS) to disrupt business operations, to send illegal SPAM to consumers, or to execute phishing schemes and steal user credentials and personal information.

The botnet master, typically a cybercriminal located in a high-risk geographic region or using a high-risk ISP, can leisurely sit back and let the bots do most of the work. Or, as we found as an emerging trend in our 2019 Gambling Report, cybercriminals use bot attacks to create a distraction while they perpetrate other fraudulent activity such as account takeover. Because of the larger scale attack, these other fraudulent actions often go undetected.

In 2018, the security firm Cybereason created a fake server, also known as a honeypot, masquerading as a financial services company to track how a bot takeover would work. Within two hours of being online, the bot found the server. Over the next 15 seconds, the bot had exploited vulnerabilities, stolen credentials, and created new user accounts. Who needs humans with that kind of robotic villain efficiency?

As botnets get smarter, more pervasive, and more cunning, our strategies to combat them must evolve. Traditional high-velocity botnet attacks could be stopped with a combination of firewall configuration and third-party packet scrubbing services, but criminals have introduced new slow botnet attacks that make it more difficult for website firewalls to distinguish botnet traffic from legitimate traffic. The old strategy of finding a bot based on a specific malware signature by detecting a single node (infected PC) is ineffective.

As we learned from any good cinematic rendering, the device itself is not the true villain but simply the conduit for devious deeds. Depending on the severity and time elapsed since the last attack, the device may still be vulnerable for future botnet activity.

New Botnet Risk Detection

iovation is proud to offer new functionality to help fraud teams identify the botnet risk on transactions within FraudForce, our comprehensive fraud detection, and prevention solution. The Botnet Risk Score considers several key factors including the severity of previous botnet attack and how long it’s been since any previous botnet activity. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.

A comprehensive botnet prevention strategy program must understand the larger context of the fraud that is being committed through the botnet attacks. Integrated with our robust device intelligence consortium providing device and session insight, iovation’s botnet risk score gives you that additional context on the riskiness of a transaction with immediate alerts on account or credential compromises.

To learn more about the dastardly tactics of botnets, the fraud they are trying to commit, and how you can stop them, download our Botnet Solution Brief.