Imperva analysed over 16.7 billion visits to 100,000 randomly-selected domains on the Imperva Incapsula network.
Imperva analysed over 16.7 billion visits to 100,000 randomly-selected domains on the Imperva Incapsula network.

Imperva has released its fifth Bot Traffic Report, which looks at trends in bot traffic throughout 2016.

Announced in a press release, it details some startling statistics: In 2016, every third website visitor was an attack bot and 94.2 percent of inspected websites experienced at least one bot attack during the 90 day survey period.

In the study, Imperva analysed over 16.7 billion visits to 100,000 randomly-selected domains on the Imperva Incapsula network.

Giving context and scale to how much of a problem this appears to be, Imperva says that in 2016 “bad bots” accounted for 28.9 percent of internet traffic.  

The report touches on impersonator bots: these were the most active bad bots for the fifth year in a row.

Impersonator bots are most commonly used to launch DDoS attacks as they look like legitimate traffic and the most famous ones of today include Nitol, Cyclone and of course Mirai.

The Mirai botnet, which broke many records in terms of the size of attack, had its source code released online. This spawned many copycat attacks on major websites across the internet.

Most recently, investigative security blogger Brian Krebs, whose website was brought to a standstill by the Mirai botnet, released details about his investigation into the identity of the author the Mirai botnet, Anna-Senpai.

Imperva said: “It's telling that this is related to Minecraft as gaming servers continue to be the number one target of DDoS assaults. Gaming servers have been hit by some of the largest and longest attacks on recent record,” party down to the fact that popular servers in the game are making huge sums of money from running servers for the game environment. This brings a certain level of competitiveness to the industry.

Bots once again became the majority of website visitors (51.8 percent), a trend driven by an increase in good bot activity.

Imperva said: “In 2016 we tracked 504 unique good bots—278 of which were active enough to generate at least 1,000 daily visits to our network. Of these, 57.2 percent displayed an increase in activity, while only 29.4 percent saw their activity decrease year-over-year.”

There are numerous ways in which good bots support the various business and operational goals of their owners—from personal users to large multinationals.On a broader level, however, these can be categorised by the following four groups: 

  • Feed fetcher – Bots that ferry website content to mobile and web applications, which they then display to users.
  • Search engine bots – Bots that collect information for search engine algorithms, which is then used to make ranking decisions.
  • Commercial crawlers – Spiders used for authorised data extractions, usually on behalf of digital marketing tools.
  • Monitoring bots – Bots that monitor website availability and the proper functioning of various online features.
Feed fetchers were the most active good bot in 2016, responsible for 12.2 percent of all traffic. The majority of their activity can be attributed to usage of mobile apps, reflecting the shift to mobile by human users.