Story image

Malicious 'bad bots' account for more web traffic than ever before

28 Mar 18

‘Good bots’ and ‘bad bots’ are accounting for more web traffic than ever before – but the bad bots are going mainstream.

That’s according to Distil Networks, which released its Bad Bot Report 2018 this week. Amongst hundreds of billions of bad bot requests are potentially malicious activities controlled by competitors, hackers and fraudsters.

Bots are also used to conduct brute force attacks, account hijacks, competitive data mining, data theft, digital ad fraud, downtime, and online fraud.

According to Gartner, bots are also used for credential stuffing and scalping.

“The rise of more sophisticated bots in recent years therefore requires greater sophistication in detection and response,” the analyst firm says.

Distil Research Lab experts say that this year bots have dominated public conversation, particularly in the United States as the FBI continues to investigate possible Russian tampering of the 2016 US presidential election.

“Yet, as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind,” comments Distil Networks CEO Tiffany Olson Jones.

Here are some of Distil Networks' bad bot findings:

- In 2017, bad bots accounted for 21.8% of all website traffic, a 9.5% increase over the previous year. Good bots increased by 8.7% to make up 20.4% of all website traffic.

- For the first time, Russia became the most blocked country, with 20.7% of companies implementing country-specific IP block requests. Last year's leader, China, dropped down to sixth place with 8.3%.

- Gambling companies and airlines suffer from higher proportions of bad bot traffic than other industries, with 53.1% and 43.9% of traffic coming from bad bots, respectively. Ecommerce, healthcare and ticketing websites suffer from highly sophisticated bots, which are difficult to detect.

- 83.2% of bad bots report their user agent as web browsers Chrome, Firefox, Safari or Internet Explorer. 10.4% claim to come from mobile browsers such as Safari Mobile, Android or Opera.

- 82.7% of bad bot traffic emanated from data centres in 2017, compared to 60.1% in 2016. The availability and low cost of cloud computing explains the dominance of data centre use.

- 74% of bad bot traffic is made up of moderate or sophisticated bots, which evade detection by distributing their attacks over multiple IP addresses, or simulating human behaviour such as mouse movements and mobile swipes.

- Account takeover attacks occur 2-3 times per month on the average website, but immediately following a breach, they are 3x more frequent, as bot operators know that people re-use the same credentials across multiple websites.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.