A new report has revealed big changes in the way bots are used on the internet including the fact that malicious bots are as strong as ever even though human finally, and for the first time, make up the majority of web traffic
Released by Imperva, a cyber-security company, the report draws its conclusions from a study of more than 19 billion human and bot visits over 90 days between July and October 2015, from 249 countries.
The revelation that, as the report notes, “humans were the ones responsible for the majority of all online traffic”, might seems absurd. Who else is going to be on the internet apart from humans and the occasional dog? But bots have taken up the majority of web traffic for a while now. Imperva first announced that fact three years ago, when it found that 51 percent of website traffic wasn't human, but bot.
However, this new revelation that humans are the new majority on the internet measures out to a massive drop in legitimate or ‘good' bots and a steady increase in the share of ‘bad bots', according to Imperva's report. Human traffic made up about 38.5 percent of all traffic in 2013, and is now at just over 51 percent, meanwhile ‘good' bots have decreased from 31 percent to 19.5 percent in 2015. Bad bot traffic, however remains steady at 30 percent. Igal Zeifman, senior digital strategist at Imperva spoke to SCMagazineUK.com commenting on this change in the bot-scape: “Broadly speaking, the accelerated growth in bad bot activity is a result of the criminal use of automated software becoming more common than the organisational use of automated tools.”
A bot is essentially an automated piece of code that acts as a web user. Now unlike a web user it will not click onto Google to search ‘festive lawn furniture' before heading over to Facebook to see what their mate Steve's been up to over the weekend. No, simple automated tasks are what bots are used for; fake twitter followers and YouTube views; standing in line for soon-to-sell-out concert tickets and eBay bidding wars all are fair game to the bots and their distant masters.
Like all technology, bots can be used for good or ill. Unfortunately, it's the ill column that researchers at Imperva found to be undergoing a massive growth spurt. The bad bots, the report notes, “are the malicious intruders that swarm the Internet and leave a trail of hacked websites and downed services. Their masters are the bad actors of the cyber-security world, from career hackers to script kiddies.” In fact, the increase of bad bots has increased in correlation with the increase in the number of cyber-attacks to the point that 90 percent of all security events that Imperva sees are the result of bad bot activities.
These bad bots are, among other things, the fake traffic that make up DDoS attacks which have seen a 121.9 percent increase consistently over the last four years.
The other area of growth of these ‘bad bots' has been in developing countries. The report notes that while there are two bots for every human user in developed countries, developing countries have a lot more. Developing countries, Zeifman told SC “have a higher percentage of first-time computer/device owners, looser security standards and vendors who are generally less security aware. The experience of more frequent Internet usage promotes awareness, which makes a hacker's job more difficult.”
There are a couple of reasons for these changes. Firstly, the internet's human population has risen immensely over the last decade as has the length of time that those people spend on the internet. While good bots pay little mind to the popularity of websites, bad bots latch on to what is popular in the same way humans do. Zeifman told SC that, “While there has been an overall increase in individual internet users, the number of hackers, who use bad bots for most of their assaults, has increased faster than the number of organisations that need to use bots for their online activity.”
Rami Essaid, CEO and co-founder of Distil Networks, a company that specialises in combatting bots, also spoke to SC. He too noted that shifting bot-scape: “We are seeing a major shift in what bad bots are being used for. In the past, bots were used for volumetric DDoS attacks where they would indiscriminately flood a website.” But today, “We are seeing much more targeted attacks with bad bots being used to attack specific areas of a site for things like account takeovers and credit card fraud.”