Perimeter

12/18/2014
03:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Bad Bots On The Rise

Humans remain outnumbered by bots online, new data shows.

The number of bots roaming the Net dropped this year, but the population of malicious bots has grown.

The overall population of bots, good and bad, dropped by more than 5% over 2013, according to a study published today. Bad bots that wage distributed denial-of-service (DDoS) attacks, commit click and ad fraud, scan for vulnerable targets, and spy, for instance, increased by as much as 15%.

Bots still outnumber humans online, accounting for 56% of Internet traffic versus humans at 44%. And bad or malicious bots account for more traffic than good bots, with 29% of a site's traffic. Good bots represent 27% of site visits.

"The sophistication of bad bots has increased," says Marc Gaffan, CEO and co-founder of Incapsula, whose firm for the second year in a row has seen more bots than real people inhabiting the Net. Bots are user machines infected by malware to do the bidding of the attacker. Incapsula calls the more sophisticated DDoS, ad fraud, and malicious scanning bots "impersonators," because they try to appear as legitimate users.

"The bar for creating bad bots has risen a bit. The ones out there are a lot more dangerous," Gaffan says.

Bots don't discriminate when it comes to site size: About one in three visitors to any size website is a malicious bot, according to the report. The data comes from a sampling of 15 billion human and bot visits over a 90-day period on 20,000 websites worldwide. Each site had a minimum of 10 human visitors per day.

The malicious bot threat has been an increasing problem. A bot is born in an organization about every 24 hours, according to a recent CheckPoint Software study, which found that three-fourths of enterprises have at least one bot-infected endpoint in-house. The percentage of organizations found with bots jumped from 63% in 2012 to 73% in 2013, the study found.

Aside from DDoS and other duped bots, there's a heavy population of bots recruited to perform ad fraud today. A recent study by the Association of National Advertisers and WhiteOps found that advertisers are losing $6.3 billion to $10 billion per year of ad revenue to fraud, thanks to the epidemic of phony ad traffic perpetrated by bots. From Aug. 1 to Oct. 1, WhiteOps researchers studied and analyzed the digital advertising traffic of a who's who of 36 US major corporations from various industries -- all ANA members -- including Ford, Honda, General Mills, Lilly, MasterCard, Merk, MillerCoors, Home Depot, Verizon, Walmart, and Wendy's.

"Incapsula's data reflects the reality that because you're receiving traffic doesn't mean it's a pair of human eyeballs on the other side. Sometimes it's a machine," says Dan Kaminsky, chief scientist with WhiteOps.

Bots are becoming more human-like and camouflaged, Kaminsky says, because the web has gotten more complicated. "As the web has gotten more complicated, so too have the bots."

Bad guys amass bots to do their dirty work because there's little risk for high financial gain, he says. "This is a criminal mechanism that generates money with no risk."

So what's the difference between an old-school bad bot and an impersonator bot? Gaffan says old-school bots are easier to spot, and their numbers will continue to dwindle in favor of the more sophisticated impersonator bots, some of which impersonate good, trusted bots.

The good/legitimate bot population is shrinking mainly due to a decline in RSS services, according to the Incapsula report.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Ohio Man Sentenced To 15 Months For BEC Scam
Dark Reading Staff 8/20/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15667
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can...
CVE-2018-15668
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate atta...
CVE-2018-15669
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are...
CVE-2018-15670
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if t...
CVE-2018-15671
PUBLISHED: 2018-08-21
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.