Bad Bots Up Their Human Impersonation Game

  /     /     /  
Publicated : 22/11/2024   Category : security


Bad Bots Up Their Human Impersonation Game


Every third website visitor was an attack bot in 2016, and humans represent just under half of all Internet traffic, new Imperva data sample shows.



Unsavory traffic on the Web continues to flow at a steady clip with nearly one-third of it from bad bots.
New data released from Imperva today shows bots with the upper hand overall, with humans representing 48.2% of website traffic in 2016; so-called good bots (think feed-fetchers, search engine bots and crawlers) at 22.9%, and bad bots accounting for 28.9% of the traffic. Bad bots mainly include automated accounts posing as humans, which make up about one-fourth of all bad bots. Other bad actor bots: hacker tools, scrapers, and spammers.
Every third visitor to a website was a bad bot last year, and more than 94% of websites in the study suffered at least one attack by a bad bot during the 90-day study of some 16.7 billion visits to 100,000 randomly-selected domains on Impervas Incapsula network, a cloud-based service that provides web security, DDoS protection, and optimization for content delivery networks.
I dont know if people  know that every third visitor to their website is an attack bot, says Igal Zeifman, a senior manager at Imperva. The majority of automated visits … are doing something they shouldnt be doing, scraping the content of a website, spamming, comment-spamming, link-spamming, auto-filling online forms, and of course, waging distributed denial-of-service (DDoS) attacks, he says.
Bad bots have maintained a steady presence online as the Internet continues to grow, at 31% in 2012, a dipping slightly to around 29% the past couple of years, according to Impervas data.  This talks [of] motivation of attackers, and their ability to successfully attack via bots, he says.
Impervas report
says impersonator bots remain the most prolific brand of bad bot: they accounted for 243.% of all traffic on Impervas Incapsula network last year. These are bots that not only launch DDoS attacks, but also pose as browsing users in order to evade security detection tools. Depending on the website, the biggest risk of these nasty bots is DDoS attacks, using the site as a malware distribution forum, or as the first phase of an attack that ultimately infiltrates the organization itself, according to Zeifman.
Distil Networks last year 
found that last year humans outnumbered bad bots
on the Web for the first time since 2013. But Distils data drew from its Hadoop cluster that includes some 74 million bot requests and other customer data. Unlike Impervas data set, it doesnt include DDoS bots but instead all other types of bad bots, including digital ad fraud.
What was in common, however, was that Distil also saw an increase bad bots imitating human online behavior. I think that whats interesting is that the sophistication of bots seems to be increasing, says Edward Roberts, director of product marketing at Distil, which currently is putting the finishing touches on its new 2016 bot activity report.
For example, these smarter and more human-like bad bots are spreading around website activity requests among thousands of IPs, he says, in order to remain under the radar of web security tools and teams. They pause a few seconds between page requests, for instance, and move the mouse similar to the way a human does, he says.
Some organizations are suffering more than others from bad bot activity. Two of three requests are [via] bad bots on some companies websites, he says.
This is something thats not going away, Distils Roberts says.
Related Content:
Epic Security #FAILS Of The Past 10 Years
Majority Of Bad Bots Behave Like Humans
Bots Will Inflict $7.2 Billion In Fraud On Digital Advertisers In 2016
7 Ways To Fine-Tune Your Threat Intelligence Model

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Bad Bots Up Their Human Impersonation Game