Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.
“Website defenders should be worried because once bad bots are behind the login page, they have access to even more sensitive data for scraping and greater opportunity to successfully carry out transaction fraud,” said Rami Essaid, CEO of Distil Networks.
Bad bots by the numbers
- 40% of all web traffic in 2016 originated from bots. Bad bots alone were responsible for 20% of web traffic and increasingly impact large websites.
- 76% of bad bots lie about coming from the most popular browsers, including Chrome, Safari Internet Explorer and Firefox.
- 60% of bad bots come from data centers, as opposed to residential or mobile. Amazon is the top originating ISP for the third year in a row, with 16% of all bad bot traffic—four times more than the next ISP.
- 16% of bad bots self-reported as mobile users. For the first time, Mobile Safari made the top five list of self reported user agents, outranking Web Safari.
What makes websites appealing to bad bot actors?
The report also includes attributes that make specific websites appealing to bad bot actors. Websites that have one of the following attributes are most attractive to bad bots:
- Unique content and/or product and pricing information.
- Sign-up, login, and account pages.
- Payment processors.
- Web forms, such as contact, discussion forums, and reviews.
Automated threats in detail
- 97% of websites with proprietary content and/or pricing are being hit by unwanted scraping.
- 90% of websites were hit by bad bots that were behind the login page, including websites with account login sections, payment portals, and transaction platforms.
- 31% of websites with forms are hit by spam bots, which damages customer experience, affects brand perception, and diverts traffic off the site.