In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping.
This talk will explore ongoing efforts to detect and mitigate these automated threats in a real-world environment, focusing on new work-in-progress approaches. We will delve into new strategies to counter the rise of automated attacks, such as AI-driven detection models, reputation databases, and timing measurements. Additionally, we will discuss the usage of techniques like mirroring real websites to lure and mislead attackers, and the shift towards analyzing functional behavior rather than relying solely on fingerprinting. Throughout the talk, we will consider the challenges and limitations of implementing these solutions within a large-scale, real-world company, and invite discussion on how to overcome these obstacles.