According to the Distil Networks 2019 Bad Bot Report, as of April 2019, 37.9 percent of all traffic on the Internet was not human. No, we don’t mean our cats and dogs were browsing the web while we were sleeping, we’re talking about bots that are constantly scraping data off the internet. If you think 37.9 percent is high, bot traffic has actually gone down over the past two years, from a whopping 51.8 percent a few years ago, to 37.9 percent now. This percentage is also affected by the fact a lot more humans are now on the internet, thanks to cheaper smartphones and easier access to the web.
The concerning thing about bots is that a large percentage of them are malicious. Bots on the internet are divided into two categories, Good Bots and Bad Bots. This segregation is determined by the bot’s activity. Good bots are often employed for the proper functioning of websites and trackers. Health trackers for example, rely on monitoring bots. Without search engine bots we wouldn’t get relevant search results on Google. Feed fetcher bots are the ones that bring and display relevant website content to our social media feeds. Pretty useful, right?
20.4 percent of bots on the internet are Bad Bots. Fortunately, from 28.9 percent in 2016, bot traffic percentage has gone down. Still, bad bots are concerning for several reasons. A majority of them are impersonator bots, that steal identities to bypass security measures. They are commonly used to initiate DDoS attacks. Then you have the unauthorised data scrapers that try to extract data via reverse engineering. These are most commonly-employed in the ecommerce sector to scrape pricing and stock listings from the competition. A step further (and more malicious) is using them to scrape account and credit card info. Hackers employ bots to scour the internet for vulnerable websites which they can exploit, and then of course there’s the spammer bots, whose sole purpose in life is to spam links wherever they get an in.
In 2016, according to Imperva, 94.2 percent of all websites experienced a bot attack. According to statistics, every third visitor to a website was an attack bot!
For the most part, these attacks are weak, and the result of cybercriminals doing a wide-range attacks to look for vulnerabilities. Targeted attacks are a pain to deal with, but are far less common than these smaller automated attacks which are used to detect flaws in security or unprotected websites.
No website is safe from these attacks, even small websites one might think no hacker would be concerned with. Ironically, these are the best targets, because they’re the ones most likely to ignore the dangers of weak bot attacks and skimp on cybersecurity.
The Distil Bad Bot Report 2019 had some more interesting information; 49.9 percent of all bots appear as browsers running Google Chrome. 28.2 percent show up as the rest, including Firefox, Explorer and Safari. Makes sense considering Chrome is the undisputed most popular browser out there.
The more interesting thing, however, was that a whopping 53.4 percent of all bad bot traffic originates in the United States. The Netherlands is second, with a measly 5.7 percent. Funnily, the most commonly IP-blocked country is Russia, followed by Ukraine, which just goes to show you how important perception is when it comes to cybersecurity.