The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 in 2017, accounting for 21.8 percent of all traffic, according to a new report Tuesday from bot detection and mitigation firm Distil Networks, based on data collected from its global network.
In 2016, the total share of bad bot website traffic was nearly a full two percentage points lower, at 19.9 percent. The overall share of good bot traffic also went up year over year, from 18.8 percent in 2016 to 20.4 percent in 2017. Meanwhile, humans comprised 57.8 percent of all traffic last year.
Malicious bots can perform any number of sketchy activities, including account takeovers, account creations, credit card fraud, denial of service attacks, gift card balance checking and denial of inventory (by holding in-demand items in shopping carts).
According to Distil's annual “Bad Bot Report," the industry that saw the heaviest percentage of website traffic generated by malicious bots in 2017 (compared to good bots and human traffic) was gambling (53.1 percent of all traffic). "Aggregators relentlessly scrape online gambling companies for the ever-changing betting lines they offer," the report states. "Such aggressive activity causes denial of service problems and sends customers elsewhere. Account takeovers are also a major problem."
Airlines experienced the next highest share of malicious bot traffic (43.90 percent of all website traffic), due to the automated scraping of prices and booking engine data, as well as account takeover attacks.
However, e-commerce sites in 2017 were victimised by the largest share of "sophisticated" bots, which Distil defines as bots that produce human-like mouse movements and clicks that can fool advanced detection methods. Indeed, 22.9 percent of traffic encountered by online retail sites was generated by malicious bots, says the report, which blames price and content scraping, account takeovers, credit card fraud and gift card abuse. Health care sites had the second largest share of sophisticated bad bot traffic, with, 22.3 percent.
Distil also found that 82.7 percent of malicious bot traffic emanated from abused data centres - which represents 37 percent jump from 2016 to 2017.
The report further notes that 45.2 percent of the world's bad bot traffic originates from the US - considerably more than China, which is a distant second at 10.5 percent. Of course, the attacks could be located anywhere in the world, but they use US data centres so that bots come from American IP address, making them less likely to be blocked.
Meanwhile, Russia and France are the countries whose traffic is blocked by the most Distill Networks customers (20.7 percent and 20.4 percent, respectively).
“This year bots took over public conversation, as the FBI continues its investigation into Russia's involvement in the 2016 US presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks, in a company press release. “Yet, as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year's Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”