Perimeter
12/18/2014
03:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Bad Bots On The Rise

Humans remain outnumbered by bots online, new data shows.

The number of bots roaming the Net dropped this year, but the population of malicious bots has grown.

The overall population of bots, good and bad, dropped by more than 5% over 2013, according to a study published today. Bad bots that wage distributed denial-of-service (DDoS) attacks, commit click and ad fraud, scan for vulnerable targets, and spy, for instance, increased by as much as 15%.

Bots still outnumber humans online, accounting for 56% of Internet traffic versus humans at 44%. And bad or malicious bots account for more traffic than good bots, with 29% of a site's traffic. Good bots represent 27% of site visits.

"The sophistication of bad bots has increased," says Marc Gaffan, CEO and co-founder of Incapsula, whose firm for the second year in a row has seen more bots than real people inhabiting the Net. Bots are user machines infected by malware to do the bidding of the attacker. Incapsula calls the more sophisticated DDoS, ad fraud, and malicious scanning bots "impersonators," because they try to appear as legitimate users.

"The bar for creating bad bots has risen a bit. The ones out there are a lot more dangerous," Gaffan says.

Bots don't discriminate when it comes to site size: About one in three visitors to any size website is a malicious bot, according to the report. The data comes from a sampling of 15 billion human and bot visits over a 90-day period on 20,000 websites worldwide. Each site had a minimum of 10 human visitors per day.

The malicious bot threat has been an increasing problem. A bot is born in an organization about every 24 hours, according to a recent CheckPoint Software study, which found that three-fourths of enterprises have at least one bot-infected endpoint in-house. The percentage of organizations found with bots jumped from 63% in 2012 to 73% in 2013, the study found.

Aside from DDoS and other duped bots, there's a heavy population of bots recruited to perform ad fraud today. A recent study by the Association of National Advertisers and WhiteOps found that advertisers are losing $6.3 billion to $10 billion per year of ad revenue to fraud, thanks to the epidemic of phony ad traffic perpetrated by bots. From Aug. 1 to Oct. 1, WhiteOps researchers studied and analyzed the digital advertising traffic of a who's who of 36 US major corporations from various industries -- all ANA members -- including Ford, Honda, General Mills, Lilly, MasterCard, Merk, MillerCoors, Home Depot, Verizon, Walmart, and Wendy's.

"Incapsula's data reflects the reality that because you're receiving traffic doesn't mean it's a pair of human eyeballs on the other side. Sometimes it's a machine," says Dan Kaminsky, chief scientist with WhiteOps.

Bots are becoming more human-like and camouflaged, Kaminsky says, because the web has gotten more complicated. "As the web has gotten more complicated, so too have the bots."

Bad guys amass bots to do their dirty work because there's little risk for high financial gain, he says. "This is a criminal mechanism that generates money with no risk."

So what's the difference between an old-school bad bot and an impersonator bot? Gaffan says old-school bots are easier to spot, and their numbers will continue to dwindle in favor of the more sophisticated impersonator bots, some of which impersonate good, trusted bots.

The good/legitimate bot population is shrinking mainly due to a decline in RSS services, according to the Incapsula report.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Equifax CIO, CSO Step Down
Dark Reading Staff 9/15/2017
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian Security,  9/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.