The bot, a humble software application, has long been a tool of destruction (or at least frustration) for organizations with websites, web applications, or other online platforms. Malicious actors have mastered recruiting bot armies to commit DDoS attacks, credential stuffing, and account takeovers. As bots have become more common, a botnet attack has become more difficult to avoid. A significant percentage of web traffic is now bots, and a large proportion of that bot traffic is malicious, particularly in industries that are not focused on cybersecurity. Although bot attacks can be difficult to prepare for and defend against, preventative solutions like automated malicious traffic alerts and scalability solutions can help handle traffic spikes.
What is a Bad Bot?
Bots get a bad rap, but that’s not always justified. Some bots, like Googlebot or your company’s answer bot, are actually beneficial. Without Googlebot, which is a web crawler, the Google search engine would be virtually useless and unable to effectively answer users’ queries. Many companies use bots to help answer frequently asked customer questions, which is a great help if you happen to need answers after hours.
Unfortunately, there are plenty of bad bots out there that deserve the negative reputation. Many bots are essentially digital puppets, compromised devices that are used by attackers to launch attacks on both individuals and organizations. A DDoS attack, for example, occurs when an attacker creates a botnet of many devices and instructs each device to interact with a website or application. The sudden spike in traffic clogs the target, rendering it unable to communicate with legitimate traffic.
Credential stuffing is another type of bot attack that takes credentials obtained by an earlier attack and tries them on unrelated websites. The attacker is throwing login information against the wall and seeing what sticks, so to speak. To do this quickly, the attacker instructs bots to take the stolen credentials and try each one on a website until one is successful, which not only causes the same problem as a DDoS attack but also can potentially compromise more accounts (one more reason to never reuse a username or password).
Another attack on the rise due to bad bots is account takeover, which is when stolen credentials are used to log in to a legitimate account owned by an authorized user. By impersonating this user, the attacker is able to access private or sensitive data and sometimes move laterally within a security environment. These attacks are the most commonly associated with bad bots as they are connected to credential stuffing.
Bad Bots Make Up Nearly a Third of Internet Traffic
Considering the massive numbers of IoT devices, security cameras, computers, and phones in the world, it’s no surprise that bad bots, often hosted on poorly secured, internet-connected devices account for a significant amount of all internet traffic. Bad bots reportedly make up 30% of all internet traffic and 51% of malicious traffic, which are record high numbers. The bots are also getting sneakier. Since 2021, the percentage of malicious traffic has nearly doubled.
In 2022, account takeovers accounted for approximately 15% of all recorded logins, and the number of account takeovers overall increased 155% compared to the previous year. Attacks on APIs and web applications are also up, and many industries are affected. Interestingly, the gaming industry has the highest rate of bot attacks at 59% of traffic while financial services only saw 13% of its traffic attributable to bots. It’s possible that this is due to higher barriers in the financial services industry when compared to gaming or even retail, which has a moderate level of bot traffic at 21% of the whole.
Protecting Against Bad Bots
Evidently, the financial services industry is doing something right. To limit your bad bot traffic and protect your web applications and cloud environments from DDoS and other attacks, you should invest in anti-bot protection. Automated solutions that detect and block illegitimate traffic can help prevent DDoS attacks and credential stuffing, and scalability solutions can prevent a successful attack from taking down your website or application.
Automatic threat blocking prevents your company’s resources from being fully utilized by malicious traffic, which means that legitimate traffic is still able to send requests. On-call scalability serves a similar purpose; when illegitimate traffic is not successfully blocked, additional resources can be utilized to handle the spike in traffic. More servers can be devoted to your website, enabling your customers to access pages despite the bot attack.
Although bad bot attacks are on the rise, and there are many diverse attack types, by implementing the appropriate anti-bot solutions, you can be prepared. DDoS attacks especially are difficult to stop once they have started, so having alternative paths for traffic and alerts for suspicious activity can help you redirect an attack quickly, saving you from downtime and frustrated customers.
