sb-nz logo
Story image

Malicious 'bad bots' account for more web traffic than ever before

28 Mar 2018

‘Good bots’ and ‘bad bots’ are accounting for more web traffic than ever before – but the bad bots are going mainstream.

That’s according to Distil Networks, which released its Bad Bot Report 2018 this week. Amongst hundreds of billions of bad bot requests are potentially malicious activities controlled by competitors, hackers and fraudsters.

Bots are also used to conduct brute force attacks, account hijacks, competitive data mining, data theft, digital ad fraud, downtime, and online fraud.

According to Gartner, bots are also used for credential stuffing and scalping.

“The rise of more sophisticated bots in recent years therefore requires greater sophistication in detection and response,” the analyst firm says.

Distil Research Lab experts say that this year bots have dominated public conversation, particularly in the United States as the FBI continues to investigate possible Russian tampering of the 2016 US presidential election.

“Yet, as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind,” comments Distil Networks CEO Tiffany Olson Jones.

Here are some of Distil Networks' bad bot findings:

- In 2017, bad bots accounted for 21.8% of all website traffic, a 9.5% increase over the previous year. Good bots increased by 8.7% to make up 20.4% of all website traffic.

- For the first time, Russia became the most blocked country, with 20.7% of companies implementing country-specific IP block requests. Last year's leader, China, dropped down to sixth place with 8.3%.

- Gambling companies and airlines suffer from higher proportions of bad bot traffic than other industries, with 53.1% and 43.9% of traffic coming from bad bots, respectively. Ecommerce, healthcare and ticketing websites suffer from highly sophisticated bots, which are difficult to detect.

- 83.2% of bad bots report their user agent as web browsers Chrome, Firefox, Safari or Internet Explorer. 10.4% claim to come from mobile browsers such as Safari Mobile, Android or Opera.

- 82.7% of bad bot traffic emanated from data centres in 2017, compared to 60.1% in 2016. The availability and low cost of cloud computing explains the dominance of data centre use.

- 74% of bad bot traffic is made up of moderate or sophisticated bots, which evade detection by distributing their attacks over multiple IP addresses, or simulating human behaviour such as mouse movements and mobile swipes.

- Account takeover attacks occur 2-3 times per month on the average website, but immediately following a breach, they are 3x more frequent, as bot operators know that people re-use the same credentials across multiple websites.

Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Juniper Networks expands security offering for remote working
Juniper Networks has launched new solutions to enhance work from home security.More
Story image
BayCom partners with NICE inContact to offer cloud contact centre platform in NZ
“With our extensive experience in the industry, BayCom has the ability to design, implement and support CXone nationwide, providing organisations with an industry-leading Contact Centre as a Service (CCaaS) solution to deliver on their customer experience strategies.”  More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More