Mobile is the new frontier for malicious bots

Distil Networks analyzed over 100 million mobile devices on its networks. The findings suggest that sophisticated cybercriminals and bot operators now implement a new technique, leveraging mobile devices, to avoid detection and execute a number of nefarious acts. At this time, 5.8 percent of all mobile devices across six major cellular networks are used in such automated attacks and represent eight percent of all bad bot traffic.

This bad bot traffic is purposefully deployed against any business with a web presence to carry out acts that include web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam and digital ad fraud.

Uncovered by the Distil Research Lab, the data reveals a new method by which perpetrators connect through cellular gateways to target a large variety of websites and apps simultaneously. Cellular gateways handle a huge volume of requests per minute, many of which are legitimate, making it difficult to identify and block criminal ones.

Within some cellular carriers, a single IP address can cater to more than 4,000 devices per day, making cellular traffic an ideal location for bots to remain undetectable. As mobile devices move through different gateways (based on device owners changing location throughout the day), bots effectively change identities to make detection even more difficult.

Mobile bots by the numbers:

  • Sample size: Over 100 million devices
  • Number of mobile carriers researched: Six
  • Percentage of mobile ISP gateways used in bad bot attacks: 44 percent
  • Percentage of total bad bot traffic deriving from mobile devices on cellular networks: 8 percent
  • Percentage of mobile devices making bad bot requests on cellular networks: 5.8 percent
  • Average number of bad bot requests by each device per day: 50

“Mobile is the new frontier for bot operators, as they can perform highly advanced attacks while remaining hidden in plain sight,” said Rami Essaid, chief product and strategy officer at Distil Networks. “Whether inadvertently downloaded through an email attachment, or embedded in a seemingly legitimate app, millions of consumers unknowingly carry malware on their devices that allows cybercriminals to conduct bot attacks, abuse and fraud. We have seen bot operators develop and enhance their techniques throughout the years, but the threat to mobile devices is real and growing, and can have detrimental consequences.”
