Perimeter

12/18/2014
03:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Bad Bots On The Rise

Humans remain outnumbered by bots online, new data shows.

The number of bots roaming the Net dropped this year, but the population of malicious bots has grown.

The overall population of bots, good and bad, dropped by more than 5% over 2013, according to a study published today. Bad bots that wage distributed denial-of-service (DDoS) attacks, commit click and ad fraud, scan for vulnerable targets, and spy, for instance, increased by as much as 15%.

Bots still outnumber humans online, accounting for 56% of Internet traffic versus humans at 44%. And bad or malicious bots account for more traffic than good bots, with 29% of a site's traffic. Good bots represent 27% of site visits.

"The sophistication of bad bots has increased," says Marc Gaffan, CEO and co-founder of Incapsula, whose firm for the second year in a row has seen more bots than real people inhabiting the Net. Bots are user machines infected by malware to do the bidding of the attacker. Incapsula calls the more sophisticated DDoS, ad fraud, and malicious scanning bots "impersonators," because they try to appear as legitimate users.

"The bar for creating bad bots has risen a bit. The ones out there are a lot more dangerous," Gaffan says.

Bots don't discriminate when it comes to site size: About one in three visitors to any size website is a malicious bot, according to the report. The data comes from a sampling of 15 billion human and bot visits over a 90-day period on 20,000 websites worldwide. Each site had a minimum of 10 human visitors per day.

The malicious bot threat has been an increasing problem. A bot is born in an organization about every 24 hours, according to a recent CheckPoint Software study, which found that three-fourths of enterprises have at least one bot-infected endpoint in-house. The percentage of organizations found with bots jumped from 63% in 2012 to 73% in 2013, the study found.

Aside from DDoS and other duped bots, there's a heavy population of bots recruited to perform ad fraud today. A recent study by the Association of National Advertisers and WhiteOps found that advertisers are losing $6.3 billion to $10 billion per year of ad revenue to fraud, thanks to the epidemic of phony ad traffic perpetrated by bots. From Aug. 1 to Oct. 1, WhiteOps researchers studied and analyzed the digital advertising traffic of a who's who of 36 US major corporations from various industries -- all ANA members -- including Ford, Honda, General Mills, Lilly, MasterCard, Merk, MillerCoors, Home Depot, Verizon, Walmart, and Wendy's.

"Incapsula's data reflects the reality that because you're receiving traffic doesn't mean it's a pair of human eyeballs on the other side. Sometimes it's a machine," says Dan Kaminsky, chief scientist with WhiteOps.

Bots are becoming more human-like and camouflaged, Kaminsky says, because the web has gotten more complicated. "As the web has gotten more complicated, so too have the bots."

Bad guys amass bots to do their dirty work because there's little risk for high financial gain, he says. "This is a criminal mechanism that generates money with no risk."

So what's the difference between an old-school bad bot and an impersonator bot? Gaffan says old-school bots are easier to spot, and their numbers will continue to dwindle in favor of the more sophisticated impersonator bots, some of which impersonate good, trusted bots.

The good/legitimate bot population is shrinking mainly due to a decline in RSS services, according to the Incapsula report.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.