Companies with an online presence are directly affected by bad bot traffic, forcing them to divert essential resources to deal with a problem that keeps growing. In 2019 alone, 24.1% of all Internet traffic came from bad bots.
The notion of bad bots and good bots might not seem like something people and companies should worry about, but it’s actually more relevant than it seems. To understand why bad bots are an issue for any company, we need to detail what they do.
Bad bots act against the interest of companies and even entire industries in multiple ways. Some of the traffic generated by bad bots is a problem in itself, but their actions are usually more damaging. Some businesses might see their marketplaces scraped for prices by the competition or, worse, have content such as product descriptions stolen outright. No matter the result, it’s always damaging.
Another aspect is more closely tied to criminal conduct and nefarious interests. Bad bots can be used to take over existing accounts with the help of a technique called credential stuffing. Basically, a script is set up to keep trying out known or leaked user names and passwords until something works.
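Seen from the defender's side, the pattern described above (one source cycling through many user names with few successful logins) can be picked out of authentication logs. The following is an added example, not code from Imperva or from the original article; the event format, thresholds, and IP addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample login events: (epoch_seconds, source_ip, username, success).
# Addresses come from the documentation ranges and are not real hosts.
SAMPLE_EVENTS = (
    # One source trying six different accounts in a minute, one hit.
    [(1000 + 10 * i, "203.0.113.7", f"user{i}", i == 4) for i in range(6)]
    # A single user mistyping their own password, then succeeding.
    + [(1005 + 20 * i, "198.51.100.20", "alice", i == 3) for i in range(4)]
    # A shared office address: many users, but every login succeeds.
    + [(1002 + 30 * i, "192.0.2.50", f"staff{i}", True) for i in range(5)]
)


def detect_stuffing(events, window=300, min_users=5, max_success_ratio=0.2):
    """Flag sources that, within `window` seconds, attempt at least
    `min_users` distinct usernames while succeeding on at most
    `max_success_ratio` of those attempts.

    Returns {ip: {"distinct_users", "attempts", "successes"}} holding the
    widest username spread observed for each flagged source.
    """
    recent = defaultdict(deque)  # per-source sliding window of attempts
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        # Drop attempts that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        wins = sum(1 for _, _, s in q if s)
        if len(users) >= min_users and wins / len(q) <= max_success_ratio:
            prev = flagged.get(ip)
            if prev is None or len(users) > prev["distinct_users"]:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(q),
                    "successes": wins,
                }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, stats)
```

A successful login inside a flagged burst (here `user4`) is the account to review first, since it may already be taken over.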
Bad bots can also be used to create new accounts for any number of services, which are then used for spam, new account promotions and even propaganda. They’re also a vehicle for credit card fraud, DoS attacks, and many other dirty tricks that vary depending on the industry.
According to Imperva research, Internet traffic in 2019 consisted of 62.8% from humans, 24.1% from bad bots (an 18.1% increase since 2018), and only 13.1% from good bots (a 25.1% decrease since 2018).
All industries are affected by this issue, to different degrees, but it looks like financial services are the hardest hit, with bad bots attempting to access user accounts using credential stuffing and making up 47.7% of the registered traffic.
Following closely behind is Education, with 45.7% bad bot traffic. Surprisingly, bots are deployed in this case to scrape online resources for research papers, for class availability, and to access user accounts through credential stuffing. IT and services (45.1%), marketplaces (39.8%), and government (37.5%) are the next industries on that list.
Many of the bad bots use various user agents to disguise themselves in an effort to avoid getting caught, and Google Chrome is the software they impersonate the most, accounting for 55.4% of the entire traffic. And lastly, it turns out the United States is the main actor, with 45.9% of attacks coming from this country and its data centers, followed by Russia with 21.1% and China with 19%.