Barracuda has released key findings into bad bots and the ways automated attacks are evolving.
The new report, Bot attacks: Top Threats and Trends Insights into the Growing Number of Automated Attacks, explores emerging traffic patterns, live examples of bot behaviour and detection, and the steps IT teams should take to protect their businesses.
Automated bot traffic has significantly increased over the past few years. Originally used primarily by search engines, bots now have various uses, both good and bad.
The good bots are mainly search engine crawlers, social network bots, aggregated crawlers, monitoring bots, etc. These bots obey the website owner's rules as specified in the robots.txt file and publish methods of validating themselves. They work to avoid overwhelming the websites and applications they visit.
Bad bots are built to perform various malicious activities. They range from basic scrapers to get data off an application (and are easily blocked) to advanced persistent bots that behave almost like human beings and look to evade detection as much as possible. These bots attempt web and price scraping, inventory hoarding, account takeover attacks, distributed denial of service (DDoS) attacks, and much more. Bad bots make up a significant part of website traffic today, and detecting and blocking them is critical to businesses.
The report looks at current trends, such as the traffic volume from these bad bots, where bot attacks originate from, and the time of day attacks are most likely to happen. It also breaks down live examples and covers the steps IT teams can take and the technology they can use to stop these types of attacks.
Barracuda researchers analysed traffic patterns over the first six months of 2021. Some key takeaways from their analysis include:
- Bots make up nearly two-thirds of internet traffic, with bad bots making up almost 40% of all traffic.
- eCommerce applications and login portals are the most common targets of advanced persistent bots.
- North America accounts for 67% of bad bot traffic, and most of it originates from public data centers.
- Most bot traffic comes in from the two large public clouds AWS and Microsoft Azure, roughly equal measure.
- Over 22% of bad bot traffic comes from Europe, with European bad bot traffic more likely to come from hosting services or residential IPs.
"Bad bots follow a standard workday and with good reason," says Barracuda VP of product management, application security, Nitzan Miron.
"The attackers running these bad bots prefer to hide within the standard human traffic stream to avoid raising alarm bells. The common stereotype of a hacker performing their attacks late into the night in a dark room with green fonts on a black screen has been replaced by people who set up their bots to carry out the automated attacks while they go about their day.
"While some bots like search engine crawlers are good, our research shows that over 60% of bots are dedicated to carrying out malicious activities at scale. When left unchecked, these bad bots can steal data, affect site performance, and even lead to a breach. That's why it's critically important to detect and effectively block bot traffic," he says.