Application security, Application security, Threat Management

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 in 2017, accounting for 21.8 percent of all traffic, according to a new report Tuesday from bot detection and mitigation firm Distil Networks, based on data collected from its global network. 

In 2016, the total share of bad bot website traffic was nearly a full two percentage points lower, at 19.9 percent. The overall share of good bot traffic also went up year over year, from 18.8 percent in 2016 to 20.4 percent in 2017. Meanwhile, humans comprised 57.8 percent of all traffic last year.

Malicious bots can perform any number of sketchy activities, including account takeovers, account creations, credit card fraud, denial of service attacks, gift card balance checking and denial of inventory (by holding in-demand items in shopping carts).

According to Distil's annual “Bad Bot Report," the industry that saw the heaviest percentage of website traffic generated by malicious bots in 2017 (compared to good bots and human traffic) was gambling (53.1 percent of all traffic). "Aggregators relentlessly scrape online gambling companies for the ever-changing betting lines they offer," the report states. "Such aggressive activity causes denial of service problems and sends customers elsewhere. Account takeovers are also a major problem."

Airlines experienced the next highest share of malicious bot traffic (43.90% of all website traffic), due to the automated scraping of prices and booking engine data, as well as account takeover attacks.

However, e-commerce sites in 2017 were victimized by the largest share of "sophisticated" bots, which Distil defines as bots that produce human-like mouse movements and clicks that can fool advanced detection methods. Indeed, 22.9 percent of traffic encountered by online retail sites was generated by malicious bots, says the report, which blames price and content scraping, account takeovers, credit card fraud and gift card abuse. Health care sites had the second largest share of sophisticated bad bot traffic, with, 22.3 percent.

Distil also found that 82.7 percent of malicious bot traffic emanated from abused data centers -- which represents 37 percent jump from 2016 to 2017.

The report further notes that 45.2 percent of the world's bad bot traffic originates from the U.S. -- considerably than China, who's a distant second at 10.5 percent. Of course, the attacks could be located anywhere in the world, but they use U.S. data centers so that bots come from American IP address, making them less likely to be blocked.

Meanwhile, Russia and France are the countries whose traffic is blocked by the most Distill Networks customers (20.7 percent and 20.4 percent, respectively).

“This year bots took over public conversation, as the FBI continues its investigation into Russia's involvement in the 2016 U.S. presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks, in a company press release. “Yet, as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate. Despite bad bot awareness being at an all-time high, this year's Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.