For the first time in nearly a decade, bots are close to making up just as much of the activity on the internet as humans. A new study from security firm Imperva finds that bad bot traffic is responsible for this surge, with malicious bot activity doubling that of the benign bots that power services like search engines.
Bad bot traffic on the rise thanks to pandemic, creative new attack types
Bad bot traffic has been steadily on the rise since the pandemic began, with hackers taking advantage of the unusual conditions to both target the greater amount of online traffic and come up with some creative new approaches.
One of the major drivers of malicious bot traffic in the past year has been account takeover campaigns, which increased by 148% as compared to the 2020 numbers. These generally center on repetitive attempts to find a valid user login and password combination, whether by blindly guessing passwords or by trying credentials that were leaked in previous data breaches. The bad bots get around limits on login attempts by switching IP addresses and making use of automated timing of attempts.
Most of the bad bot traffic is also focused on the United States, which draws over 43%. No other single country draws more than 6.8% of the overall malicious bot traffic, and over 22% of US households have now experienced some sort of account takeover. Certain industries are also much more popular with these threat actors than others: financial services, travel and business services are the ones that are most often attacked by bad bots.
But no matter where you are in the world, you are facing both an increase in bad bot activity and more sophisticated attempts. Attackers are also not limited to password stuffing and other common forms of network entry; they also use bot traffic to run a variety of scams as well. A new approach identified by Imperva was the use of bots to automatically register fake students at colleges, attempting to collect on increased amounts of financial aid and pandemic relief money during the Covid-19 restrictions.
Malicious bot traffic at highest rate in almost a decade
The Imperva annual study began in 2014, the last year in which overall bot traffic (both good and bad) outpaced human activity. Bad bots were corralled to some degree for several years, but saw a major breakout when the pandemic created all of these new opportunities for their use.
Bad bot traffic is very frequently an indicator of attempted hacking, but it is also applied by less sophisticated actors to run basic scams and engage in general nuisance behavior. One aspect that many are likely to have encountered at some point is online scalping operations, which use bots to snap up items released in limited quantities for resale at a premium. Bad bots are also employed to steal content from websites quickly and in large quantities, often hastily altered using text-spinning software in an attempt to evade plagiarism detection.
Bad bots are also finding more success these days as their creators find more creative ways to disguise them as good bot traffic, or even as human activity. The Imperva study finds that over 65% of the bad bots in use now have some sort of evasive ability that mimics human behavior to slip by automated defenses.
While bad bot traffic is a year-round problem, the Imperva study does see a consistent spike during the summer months (likely targeting vacation travel) and a large peak in December (targeting Christmas shopping).