Internet research firm Distil Networks has analysed hundreds of billions of bad bot requests at the application layer to provide insight and guidance on the nature and impact of automated threats in 2017, and has just published its findings.
Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud and downtime.
The report revealed an increase in bad bot traffic over 2016 and illustrated how public perception of bots has impacted enterprise behaviour, such as handling abusive traffic from foreign IP addresses.
Key findings in the Distil report include:
* In 2017, bad bots accounted for 21.8 percent of all website traffic, a 9.5 percent increase over the previous year. Good bots increased by 8.7 percent to make up 20.4 percent of all website traffic.
* For the first time, Russia became the most blocked country, with one in five companies (20.7 percent) implementing country-specific IP block requests. Last year’s leader, China, dropped down to sixth place with 8.3 percent.
* Gambling companies and airlines suffer from higher proportions of bad bot traffic than other industries, with 53.1 percent and 43.9 percent of traffic coming from bad bots, respectively. Ecommerce, healthcare and ticketing websites suffer from highly sophisticated bots, which are difficult to detect.
* 83.2 percent of bad bots report their user agent as web browsers Chrome, Firefox, Safari or Internet Explorer. 10.4 percent claim to come from mobile browsers such as Safari Mobile, Android or Opera.
* 82.7 percent of bad bot traffic emanated from data centers in 2017, compared to 60.1 percent in 2016. The availability and low cost of cloud computing explains the dominance of data center use.
* 74 percent of bad bot traffic is made up of moderate or sophisticated bots, which evade detection by distributing their attacks over multiple IP addresses, or simulating human behavior such as mouse movements and mobile swipes.
* Account takeover attacks occur 2-3 times per month on the average website, but immediately following a breach, they are 3x more frequent, as bot operators know that people reuse the same credentials across multiple websites.
See the infographic and data here