Yes! You heard it right: about a fifth of all website traffic now comes from malicious bots, roughly 20.4% of web traffic daily. This automated traffic is responsible for offensive attacks on websites, APIs and mobile apps, with the financial sector (especially banking) hit the worst.
According to Distil Research Lab’s Bad Bot report, hundreds of billions of bad bot requests were found. Bad bots also enable large-scale malicious activity such as web scraping and competitive data mining.
The research, released on Wednesday 17th, 2019, classified 73.6 percent of bad bots as “Advanced Persistent Bots.” The volume of bad bot traffic has nonetheless shown a decline over the years, thanks to sophisticated encryption, the report said.
Industries hit hardest by bad bots
Financial services were targeted the most by malicious bot traffic (42%). In 2018 Akamai reported over a billion fake credential attempts on financial firms.
The report says that ticketing (39%), government (30%) and education (38%) were also affected by this malicious traffic. The government domain is the least likely to be affected, as there is no financial gain to retrieve. However, the attacks there might be driven by elections, with bots interfering with voter registration and accounts. Airlines were not spared either; they were also targeted, with a reported 25.9% bad bot traffic.
Gaming and gambling also saw about a quarter bad bot traffic, with a reported 25.9%. E-commerce, however, came in surprisingly low, with only 18% of traffic coming from bad bots. Malicious activities against e-commerce sites include credit-card fraud, gift card abuse, and account takeovers.
How hackers utilize bad bots
Bad bots are usually used by hackers, fraudsters and malicious competitors. They use these bots for web scraping, hijacking, transaction fraud, spam, and distributed denial-of-service attacks.
“While bad bot activity on industries like airlines and ticketing are well-noted, no organization – large or small, public or private – is immune from such attacks,” said Kleemann, CEO of Distil Networks.
Advanced persistent bots (APBs) can switch user agents and cycle through random IPs. They can even enter through anonymous proxies, mimic human behavior and change their identities. APBs are slow, but they do carry out significant assaults.
In the last five years, a total of 14.7 million data breaches took place. The credentials exposed in those breaches are used for malicious deeds; businesses with a login page are often hit with too many requests.
In terms of geographical location, over half of the bot traffic (around 53.4%) came from the United States. By contrast, Russia and Ukraine combined accounted for nearly 48% of country-specific IP block requests.
Bots are used by cyber-criminals to steal credentials and data. Every new data breach means increased availability of credentials, which leads to a higher volume of bad bot traffic.
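The following added example, which is not from the report or the original article, shows why a per-IP failed-login limit misses a slow bot that rotates IPs and user agents, and how counting failures across the whole login endpoint still flags it. The log records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW_S = 600        # assumed 10-minute aggregation window
PER_IP_LIMIT = 5      # assumed classic rule: failed logins allowed per IP per window
MIN_FAIL_USERS = 20   # assumed: distinct failing usernames that make a window suspicious
MIN_FAIL_RATIO = 0.5  # assumed: share of failed logins that makes a window suspicious

def sample_events():
    """Constructed log of (time, ip, user_agent, username, success): 30 failed
    logins, each from a new IP and 15 s apart, among 10 ordinary successful logins."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    bot = [(t0 + timedelta(seconds=15 * i), f"198.51.100.{i + 1}",
            f"constructed-agent-{i % 7}", f"account{i}", False) for i in range(30)]
    human = [(t0 + timedelta(seconds=45 * i), f"203.0.113.{i + 1}",
              "constructed-browser", f"customer{i}", True) for i in range(10)]
    return bot + human

def window_of(ts):
    return int(ts.timestamp()) // WINDOW_S

def per_ip_alerts(events):
    """Classic rule: IPs exceeding PER_IP_LIMIT failed logins in one window."""
    fails = defaultdict(int)
    for ts, ip, _ua, _user, ok in events:
        if not ok:
            fails[(ip, window_of(ts))] += 1
    return sorted({ip for (ip, _w), n in fails.items() if n > PER_IP_LIMIT})

def endpoint_alerts(events):
    """Endpoint-wide rule: windows where failures dominate and hit many
    different usernames, whatever IP or user agent each request carried."""
    stats = defaultdict(lambda: {"total": 0, "failed": 0, "users": set(),
                                 "ips": set(), "agents": set()})
    for ts, ip, ua, user, ok in events:
        s = stats[window_of(ts)]
        s["total"] += 1
        if not ok:
            s["failed"] += 1
            s["users"].add(user)
            s["ips"].add(ip)
            s["agents"].add(ua)
    alerts = []
    for w, s in sorted(stats.items()):
        if len(s["users"]) >= MIN_FAIL_USERS and s["failed"] / s["total"] >= MIN_FAIL_RATIO:
            alerts.append({"window_start": w * WINDOW_S, "failed": s["failed"],
                           "usernames": len(s["users"]), "ips": len(s["ips"]),
                           "user_agents": len(s["agents"])})
    return alerts
```

On the constructed log, `per_ip_alerts` returns nothing because every IP fails only once, while `endpoint_alerts` reports one window with 30 failed logins spread over 30 usernames, 30 IPs and 7 user agents.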
In a world of cybercriminals, is your online presence secured with the right protocols? If not, think again and assess where you fall short.
Now that you know what these malicious bots do and what their targets are, it is time to act!
Devin Smith, Marketing Director at ReviewsDir