Bots are becoming a bigger threat as they get smarter, a new report says.
A whopping 73.6 percent of bad bots are so-called Advanced Persistent Bots, which use anonymous proxies, change their identities and mimic human behavior, according to the 2019 Bad Bot Report from Distil Networks, which provides Web content protection services.
The growing pool of hacked credentials, or sensitive data, is a windfall for bad bot operators. “Every new data breach sees an increased availability of credentials and leads to higher volumes of bad bot traffic,” Distil said. “With over 14 billion credentials stolen since 2013, the problem is...only getting worse.”
What characterizes a bad bot exactly? A bot, generally, is software that runs automated tasks or scripts. The typical bad bot scrapes data from sites without permission in order to reuse it, usually to gain a competitive edge, the report said. But the really bad bots are part of criminal enterprises, such as fraud and theft.
Good bots, on the other hand, are innocuous search engine crawlers such as GoogleBot that, via indexing, help people match their queries with the most relevant websites.
Sophisticated bad bots reproduce mouse movements and clicks that fool even sophisticated detection methods and mask their activity by “reverse engineering detection systems,” Distil said.
“Advanced attackers now show definitive behavior that they know about the technology they’re trying to defeat, and they’re continuously learning how to adapt their tactics,” the study said.
Financial services companies have the highest percentage of bad bots, with these companies typically getting hit by bots attempting to access user accounts, Distil said.
Other industries that are adversely affected are:
- Ticketing, where bots influence ticket prices and seat inventory.
- The government, which deals with election bots that attempt to interfere with voter registration accounts;
- Airlines, which contend with price scraping bots from competitors.
- E-commerce companies are targets of price scraping, content scraping, account takeovers, credit card fraud and gift card abuse.
In 2019, the U.S. topped the list of bad bot originating countries for the fifth straight year. “It remains the only bad bot superpower, from which more than half (53.4 percent) of all bad bot traffic originates,” Distil added in its report.