  • Matt Ferguson

Most of the Internet is bots, and most bots are bad

A report published by Barracuda Networks in 2021 found that almost 40% of Internet activity, globally, is produced by malicious bots and bot networks; these include web scrapers, advanced persistent threats, and attack scripts, among others. Bot activity generally makes up about 64% of all web traffic, Barracuda found.

Key findings from the report include:

  • Most bot traffic originates in the two largest public clouds: Microsoft Azure and Amazon Web Services (AWS).

  • E-commerce applications and login portals are the biggest targets for advanced persistent threats.

  • North America accounts for 67% of bad bot traffic.

  • Bad bots follow a standard workday, to avoid raising the suspicions of victim organizations.

Unpacking the last point a bit more: bad bots are designed to follow a standard workday so that they blend in with legitimate traffic. In doing so, the developers of these bots avoid raising human suspicion while the bots perform attacks against online resources, for example by impersonating legitimate security vulnerability scanners.

Another example of malicious bot activity during the workday: a bot accessed the login page of a medical service provider with altered browser header strings, posing as a standard installation of Internet Explorer (which is now deprecated by Microsoft) on Windows 10 and appending seemingly random UTM parameters to the end of the URL. The bot used a brute force technique with stolen login credentials in an attempt to access wider company resources.

Finally, a malicious bot was found doing large-scale scraping of a business-to-business e-commerce site in the UK. In this instance, browser header information appeared normal, but Barracuda's network detected the client using Web SDK, typically used for automation (such as web scraping, which has plenty of legitimate uses). Additional red flags were raised because the site was being accessed from a residential IP address, which would very rarely be seen in a B2B website's network logs.

In most of these malicious bot scenarios, things like browser header manipulation and unusual traffic patterns give away the bot's true intent, but only if businesses have an IDS/IPS (intrusion detection/intrusion prevention system) in place. Web-based attacks are growing more sophisticated, and particularly costly and damaging variants such as ransomware-based attacks are growing in number, so your organization needs a coherent web security system in place, with access control and credentialing policies to minimize your attack surface.
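The signals from the medical login portal case above can be combined into a simple log check. This is an added example, not code from Barracuda or from this post; the combined log format, the `/login` path, the 401/403 failure codes, the threshold and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

IE11 = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36")

def _line(ip, ts, query, status, ua):
    return (f'{ip} - - [14/Jun/2021:{ts} +0000] '
            f'"POST /login?{query} HTTP/1.1" {status} 512 "-" "{ua}"')

# Constructed sample traffic (documentation IP ranges), not real log data.
SAMPLE_LOG = "\n".join([
    _line("203.0.113.7", "10:02:11", "utm_source=x8f2k", 401, IE11),
    _line("203.0.113.7", "10:02:14", "utm_source=q91zz", 401, IE11),
    _line("203.0.113.7", "10:02:17", "utm_source=m3v7a", 401, IE11),
    _line("198.51.100.20", "10:05:40", "utm_source=newsletter", 401, CHROME),
    _line("198.51.100.20", "10:05:58", "utm_source=newsletter", 302, CHROME),
])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
IE_UA = re.compile(r"Trident/|MSIE ")  # Internet Explorer user-agent markers

def flag_login_bots(log_text, login_path="/login", threshold=3):
    """Return {client_ip: [reasons]} for clients showing at least two signals."""
    stats = defaultdict(lambda: {"fail": 0, "utm": set(), "ie": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["url"])
        if m["method"] != "POST" or url.path != login_path:
            continue
        s = stats[m["ip"]]
        s["fail"] += m["status"] in ("401", "403")  # assumed failure codes
        s["utm"].update(v for k, v in parse_qsl(url.query) if k.startswith("utm_"))
        s["ie"] = s["ie"] or bool(IE_UA.search(m["ua"]))
    flagged = {}
    for ip, s in stats.items():
        checks = [("repeated_login_failures", s["fail"] >= threshold),
                  ("deprecated_ie_user_agent", s["ie"]),
                  ("rotating_utm_values", len(s["utm"]) >= threshold)]
        reasons = [name for name, hit in checks if hit]
        if len(reasons) >= 2:  # one signal alone is too weak to act on
            flagged[ip] = reasons
    return flagged
```

Requiring two signals keeps a user who mistypes a password once, or who still runs an old browser, out of the flagged set.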

The good news is that, as malicious bot activity on the Internet has grown more sophisticated, defenses have grown appreciably more sophisticated as well. AI and machine learning have allowed threat detection and prevention platforms to evolve rapidly over the past decade, from comparatively crude programs relying on simpler heuristics to detect zero-day and advanced threats, to agile systems that can detect and stop threats that haven't been previously seen.

Is your business at risk? Get in touch with Geek Housecalls today for a free security assessment and let us help you protect your critical online resources.
