Bot attack sophistication continues to evolve, as advanced attackers learn to adapt their techniques in order to invalidate existing defense tactics, according to Distil Networks.
The report investigates hundreds of billions of bad bot requests from 2018 over thousands of domains to provide deeper insight into the daily automated attacks wreaking havoc on websites, mobile apps and APIs.
“Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before,” said Tiffany Olson Kleemann, CEO of Distil Networks.
“As sophistication strengthens, so too does the breadth of industries impacted by bad bots. While bot activity on industries like airlines and ticketing are well-documented, no organization – large or small, public or private – is immune. When critical online activity, like voter registration, can be compromised as a result of bad bot activity, it no longer becomes a challenge to tackle tomorrow. Now is the time to understand what bots are capable of and now is the time to act.”
Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind account takeovers or hijacking, web scraping, brute-force attacks, competitive data mining, transaction fraud, data theft, spam, digital ad fraud and downtime.
This report underscores the increasing pervasiveness of bad bots, revealing that no industry is safe from malicious bot activity.
Key findings from the Bad Bot Report 2019: The Bot Arms Race Continues:
- In 2018, bad bots accounted for 1 in 5 website requests (20.4 percent of web traffic). Good bots decreased slightly to make up 17.5 percent of traffic.
- 73.6 percent of bad bots are classified as Advanced Persistent Bots (APBs), which are characterized by their ability to cycle through random IP addresses, enter through anonymous proxies, change their identities, and mimic human behavior.
- Nearly 50 percent (49.9 percent) of bad bots report their user agent as Chrome. Mobile browsers, such as Safari Mobile, Android and Opera increased from 10.4 percent last year to 13.9 percent.
- Amazon is the leading ISP for originating bad bot traffic. In 2018, 18 percent of bad bot traffic originated from Amazon compared with 10.62 percent the previous year.
- Despite the fact that 53.4 percent of bot traffic originates from the United States, Russia and Ukraine combined make up nearly half (48.2 percent) of country-specific IP block requests.
This year’s report provides a comprehensive breakdown of some of the top industries impacted by bots and the specific challenges they face.
Key findings include: