Perimeter

12/18/2014
03:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Bad Bots On The Rise

Humans remain outnumbered by bots online, new data shows.

The number of bots roaming the Net dropped this year, but the population of malicious bots has grown.

The overall population of bots, good and bad, dropped by more than 5% over 2013, according to a study published today. Bad bots that wage distributed denial-of-service (DDoS) attacks, commit click and ad fraud, scan for vulnerable targets, and spy, for instance, increased by as much as 15%.

Bots still outnumber humans online, accounting for 56% of Internet traffic versus humans at 44%. And bad or malicious bots account for more traffic than good bots, with 29% of a site's traffic. Good bots represent 27% of site visits.

"The sophistication of bad bots has increased," says Marc Gaffan, CEO and co-founder of Incapsula, whose firm for the second year in a row has seen more bots than real people inhabiting the Net. Bots are user machines infected by malware to do the bidding of the attacker. Incapsula calls the more sophisticated DDoS, ad fraud, and malicious scanning bots "impersonators," because they try to appear as legitimate users.

"The bar for creating bad bots has risen a bit. The ones out there are a lot more dangerous," Gaffan says.

Bots don't discriminate when it comes to site size: About one in three visitors to any size website is a malicious bot, according to the report. The data comes from a sampling of 15 billion human and bot visits over a 90-day period on 20,000 websites worldwide. Each site had a minimum of 10 human visitors per day.

The malicious bot threat has been an increasing problem. A bot is born in an organization about every 24 hours, according to a recent CheckPoint Software study, which found that three-fourths of enterprises have at least one bot-infected endpoint in-house. The percentage of organizations found with bots jumped from 63% in 2012 to 73% in 2013, the study found.

Aside from DDoS and other duped bots, there's a heavy population of bots recruited to perform ad fraud today. A recent study by the Association of National Advertisers and WhiteOps found that advertisers are losing $6.3 billion to $10 billion per year of ad revenue to fraud, thanks to the epidemic of phony ad traffic perpetrated by bots. From Aug. 1 to Oct. 1, WhiteOps researchers studied and analyzed the digital advertising traffic of a who's who of 36 US major corporations from various industries -- all ANA members -- including Ford, Honda, General Mills, Lilly, MasterCard, Merk, MillerCoors, Home Depot, Verizon, Walmart, and Wendy's.

"Incapsula's data reflects the reality that because you're receiving traffic doesn't mean it's a pair of human eyeballs on the other side. Sometimes it's a machine," says Dan Kaminsky, chief scientist with WhiteOps.

Bots are becoming more human-like and camouflaged, Kaminsky says, because the web has gotten more complicated. "As the web has gotten more complicated, so too have the bots."

Bad guys amass bots to do their dirty work because there's little risk for high financial gain, he says. "This is a criminal mechanism that generates money with no risk."

So what's the difference between an old-school bad bot and an impersonator bot? Gaffan says old-school bots are easier to spot, and their numbers will continue to dwindle in favor of the more sophisticated impersonator bots, some of which impersonate good, trusted bots.

The good/legitimate bot population is shrinking mainly due to a decline in RSS services, according to the Incapsula report.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.