A report published by Barracuda Networks in 2021 found that almost 40% of Internet activity, globally, is produced by malicious bots and bot networks; these include web scrapers, advanced persistent threats, and attack scripts, among others. Bot activity generally makes up about 64% of all web traffic, Barracuda found.
Key findings from the report include:
Most bot traffic originates in the two largest public clouds: Microsoft Azure and Amazon Web Services (AWS).
E-commerce applications and login portals are the biggest targets for advanced persistent threats.
North America accounts for 67% of bad bot traffic.
Bad bots follow a standard workday, to avoid raising suspicions of victim organizations.
Unpacking the last point a bit more: bad bots are designed to follow a standard workday to blend in with other legitimate traffic. In doing so, the developers of these bots avoid raising human suspicion while they perform attacks against online resources, such as impersonating legitimate security vulnerability scanners.
Another example of malicious bot activity during the workday: bots accessing the login page of a medical service provider by altering browser header strings, posing as a standard installation of Internet Explorer (which is now deprecated by Microsoft) on Windows 10 and appending seemingly random UTM parameters to the end of the URL. The bot used a brute force technique with stolen login credentials in an attempt to access wider company resources.
Finally, a malicious bot was found doing large-scale scraping of a business-to-business e-commerce site in the UK. In this instance, browser header information appeared normal but Barracuda's network detected the client using Web SDK, typically used for automation (such as web scraping, which has plenty of legitimate uses). Additional red flags were raised in this instance since the site was being accessed from a residential IP address, which would very rarely be seen in a B2B website's network logs.
In most of these malicious bot scenarios, signals like browser header manipulation and unusual traffic patterns give away the bot's true intent, but only if businesses have an intrusion detection/intrusion prevention system (IDS/IPS) in place. As web-based attacks grow more sophisticated, and as particularly costly and damaging variants like ransomware-based attacks grow in number, your organization needs a coherent web security system in place, with access control and credentialing policies to minimize your attack surface.
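As an added illustration (not taken from the Barracuda report or from the original post), the sketch below scans web server access logs for the login-page signals described above: an Internet Explorer user agent, a different UTM value on nearly every request, and repeated failed logins. The Combined Log Format, the `/login` path, the 401/403 status codes standing for a failed login, and the thresholds are all assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - - [time] "METHOD url PROTO" status size "referer" "user-agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
IE_UA = re.compile(r"MSIE |Trident/")  # Internet Explorer markers in the User-Agent

def flag_login_bots(lines, login_path="/login", min_failures=5):
    """Return {client_ip: [reasons]} for clients whose login traffic matches the signals."""
    stats = defaultdict(lambda: {"posts": 0, "fails": 0, "ie": 0, "utm": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, url, status, ua = m.groups()
        parts = urlsplit(url)
        if method != "POST" or parts.path != login_path:
            continue
        s = stats[ip]
        s["posts"] += 1
        s["fails"] += status in ("401", "403")  # assumed to mean a failed login
        s["ie"] += bool(IE_UA.search(ua))
        s["utm"].update(v for k, v in parse_qsl(parts.query) if k.startswith("utm_"))
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["fails"] >= min_failures:
            reasons.append("repeated failed logins")
        if s["ie"] == s["posts"] and s["posts"] >= min_failures:
            reasons.append("deprecated Internet Explorer user agent")
        # Campaign tags are normally few and reused; a new value per request is unusual.
        if s["posts"] >= min_failures and len(s["utm"]) >= 0.8 * s["posts"]:
            reasons.append("unique UTM value on nearly every request")
        if len(reasons) >= 2:  # require corroborating signals to limit false positives
            flagged[ip] = reasons
    return flagged

# Constructed sample log (documentation IP ranges, made-up paths and values).
IE11 = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
SAMPLE = [
    f'203.0.113.7 - - [12/Oct/2021:10:0{i}:00 +0000] "POST /login?utm_source=x{i}q{i*7} HTTP/1.1" 401 512 "-" "{IE11}"'
    for i in range(6)
] + [
    f'198.51.100.4 - - [12/Oct/2021:10:15:00 +0000] "POST /login?utm_source=newsletter HTTP/1.1" 200 1024 "-" "{CHROME}"',
    f'198.51.100.9 - - [12/Oct/2021:10:20:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "{IE11}"',
]
print(flag_login_bots(SAMPLE))
```

Only the first client is flagged; a single failed login from an old browser, or a normal login carrying one campaign tag, does not meet two signals at once.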
The good news is that, along with the increase in sophistication of malicious bot activity on the Internet, defenses have grown appreciably more sophisticated as well. AI and machine learning have allowed threat detection and prevention platforms to evolve rapidly over the past decade, from comparatively crude programs relying on simpler heuristics to detect zero-day and advanced threats, to agile systems that can detect and stop threats that haven't been previously seen.
Is your business at risk? Get in touch with Geek Housecalls today for a free security assessment and let us help you protect your critical online resources.