SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Malicious 'bad bots' account for more web traffic than ever before
Wed, 28th Mar 2018
FYI, this story is more than a year old

‘Good bots' and ‘bad bots' are accounting for more web traffic than ever before – but the bad bots are going mainstream.

That's according to Distil Networks, which released its Bad Bot Report 2018 this week. Amongst hundreds of billions of bad bot requests are potentially malicious activities controlled by competitors, hackers and fraudsters.

Bots are also used to conduct brute force attacks, account hijacks, competitive data mining, data theft, digital ad fraud, downtime, and online fraud.

According to Gartner, bots are also used for credential stuffing and scalping.

“The rise of more sophisticated bots in recent years therefore requires greater sophistication in detection and response,” the analyst firm says.

Distil Research Lab experts say that this year bots have dominated public conversation, particularly in the United States as the FBI continues to investigate possible Russian tampering of the 2016 US presidential election.

“Yet, as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year's Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind,” comments Distil Networks CEO Tiffany Olson Jones.

Here are some of Distil Networks' bad bot findings:

- In 2017, bad bots accounted for 21.8% of all website traffic, a 9.5% increase over the previous year. Good bots increased by 8.7% to make up 20.4% of all website traffic.

- For the first time, Russia became the most blocked country, with 20.7% of companies implementing country-specific IP block requests. Last year's leader, China, dropped down to sixth place with 8.3%.

- Gambling companies and airlines suffer from higher proportions of bad bot traffic than other industries, with 53.1% and 43.9% of traffic coming from bad bots, respectively. Ecommerce, healthcare and ticketing websites suffer from highly sophisticated bots, which are difficult to detect.

- 83.2% of bad bots report their user agent as web browsers Chrome, Firefox, Safari or Internet Explorer. 10.4% claim to come from mobile browsers such as Safari Mobile, Android or Opera.

- 82.7% of bad bot traffic emanated from data centers in 2017, compared to 60.1% in 2016. The availability and low cost of cloud computing explains the dominance of data center use.

- 74% of bad bot traffic is made up of moderate or sophisticated bots, which evade detection by distributing their attacks over multiple IP addresses, or simulating human behaviour such as mouse movements and mobile swipes.

- Account takeover attacks occur 2-3 times per month on the average website, but immediately following a breach, they are 3x more frequent, as bot operators know that people re-use the same credentials across multiple websites.