Many people may believe cat videos and Facebook updates comprise most of the world's internet traffic, but a study by Imperva Incapsula indicates that bots produce almost half of all web traffic with most of that being malicious in nature.
The Imperva report found that in 2015 51 percent of web traffic, up from 44 percent in 2014, is human based, but the remaining 49 percent is all from “good” and “bad” bots traveling the internet. Imperva deemed 29 percent of the bot traffic as bad being composed of scraper bots, spam bots and hacker bots and the company noted these bad bots are responsible for 90 percent of all the cybersecurity problems that arise. The annual cost of cybercrime is expected $2 trillion by 2019, the report said.
The amount of bad botnet traffic remained steady from 2014, but that is not necessarily a good thing Tim Matthews, vice president of marketing at Imperva for the Imperva Incapsula product line, said to SCMagazine.com in an email.
“Stabilization of bad bot traffic can be read either as a good sign, if you are an optimist, or if you are a realist, a sign that criminals and hackers are just a fact of online life. One area to keep an eye on is IoT, which has the potential to add a lot more bots from compromised devices. For example in our research, we've seen SoHo router and CCTV camera IoT incidents in the wild and expect to see more,” he said.
The remaining 20 percent of the bot traffic was labeled “good”, being created by e-commerce sites and search engines among many other sources. This amount was down 7 percent from the previous year, a fact Matthews attributed to there being more bot-using criminals coming online.
“While there are new users coming online, due to factors such as population growth, mobile phone access and younger users, there are also more criminals using bad bots,” he said.
And the bar to entry for commanding a botnet army is about the same as buying a sandwich or filling up an SUV's gas tank. Imperva found bots can be hired for as little as $5 per hour or $50 per day and some of those advertised even come with a money back guarantee, but Matthews was not sure about how one would go about demanding a refund.
The primary use for bots is performing Distributed Denial of Service attacks mostly originating from China, South Korea, the United States, Vietnam and Turkey with the United States, U.K., Japan, Netherlands and France being the most victimized nations.
The report's bright spot is that technology is improving enabling companies to spot or fight off such attacks.
“Yes, technology is helping to identify the bad botnets. The trick is to combine a multitude of factors – IP address, ability to handle cookies and JavaScript, mouse movement and other elements,” Matthews said.
