Not All Bots are Bad
Many people believe bot traffic is inherently harmful. That is not the case. Search engine crawlers, genuine social network bots, feed bots, spambots, and shopbots, for example, are all helpful, and in some cases even essential, for the operation of a specific service. Another example of good bots are copyright bots, who crawl the internet looking for content that may violate copyrights. Some good bots even have interactive capabilities. Take chatbots, also known as conversational agents. They are becoming more and more sophisticated and can conduct human-like conversations, with some level of frustration and all. Personal assistant bots, like Siri and Alexa, are another example. They, too, are simply computer programs that look for answers on the internet. Bad bots and botnets, on the other hand, are created to perform malicious activities. They have the potential to wreak havoc across the internet and across individual organizations. Some are good at disguising themselves and carry out their work almost invisibly. Others are easier to spot.
Bots Drive Internet Traffic
Nowadays, bots make up nearly two-thirds of internet traffic, according to Barracuda’s report titled “Bot Attacks: Top Threats and Trends – Insights into the growing number of automated attacks”. The report explores emerging traffic patterns. It also details live examples of bot behavior and detection. Finally, it outlines steps IT teams can take to protect their organizations. According to Barracuda, most bot traffic comes in from two large public clouds, AWS and Microsoft Azure, in roughly equal measure. In total, automated bots drive about 64% of all internet traffic. This figure includes harmless bots. Bad bots alone are responsible for approximately 40% of all internet traffic. Apparently, North America accounts for no less than 67% of bad bot traffic, with the vast majority originating from public data centers. Just over 22% of bad bot traffic comes from Europe. Here, the traffic can be traced to hosting services and residential IPs, rather than public data centers. Asia comes in only in third place with 8%. The number of bad bots coming from Africa, South America, and Oceania is extremely low.
Malicious Bots Increasingly Sophisticated
There are many different types of malicious bots, ranging from basic scrapers to advanced and persistent bots. Some are capable of evading detection for a very long time. To do so, bad bots often use the same browsers as humans. They can manipulate HTTP headers, change their browser fingerprints, and launch their attacks from reputable IP addresses. Barracuda’s researchers have also found many examples of bad bots pretending to be good bots. Their report revealed that the most common persistent bots are the ones that go after e-commerce applications and login portals. These bots attempt attacks such as web and price scraping, inventory hoarding, account takeover, distributed denial of service (DDoS) attacks, and much more. Interestingly, malicious bots tend to adhere to strict office hours. Their peak is clearly between 9 am and 5 pm, in order to blend in with normal human traffic. Or, as Barracuda explains, “The common stereotype of a hacker performing their attacks late into the night in a dark room with green fonts on a black screen has long been replaced by people who set up their bots to carry out the automated attacks while they go about their day.”
