Matt Ferguson

Most of the Internet is bots, and most bots are bad

A report published by Barracuda Networks in 2021 found that almost 40% of Internet activity, globally, is produced by malicious bots and bot networks; these include web scrapers, advanced persistent threats, and attack scripts, among others. Bot activity generally makes up about 64% of all web traffic, Barracuda found.


Key findings from the report include:

  • most bot traffic originates in the two largest public clouds: Microsoft Azure and Amazon Web Services (AWS)

  • e-commerce applications and login portals are the biggest targets for advanced persistent threats

  • North America accounts for 67% of bad bot traffic

  • bad bots follow a standard workday, to avoid raising the suspicions of victim organizations

Unpacking the last point a bit more: bad bots are designed to follow a standard workday to blend in with other legitimate traffic. In doing so, the developers of these bots avoid raising human suspicion while they perform attacks against online resources, such as impersonating legitimate security vulnerability scanners.


Another example of malicious bot activity during the workday: bots accessing the login page of a medical service provider by altering browser header strings. The bot posed as a standard installation of Internet Explorer (which is now deprecated by Microsoft) on Windows 10 and appended seemingly random UTM parameters to the end of the URL. It then used a brute force technique with stolen login credentials in an attempt to access wider company resources.


Finally, a malicious bot was found doing large-scale scraping of a business-to-business e-commerce site in the UK. In this instance, browser header information appeared normal, but Barracuda's network detected the client using Web SDK, typically used for automation (such as web scraping, which has plenty of legitimate uses). Additional red flags were raised because the site was being accessed from a residential IP address, which would very rarely be seen in a B2B website's network logs.


In most of these malicious bot scenarios, things like browser header manipulation and unusual traffic patterns give away the bot's true intent, but only if businesses have an IDS/IPS (intrusion detection/intrusion prevention system) in place. As web-based attacks grow more sophisticated, and as particularly costly and damaging variants like ransomware-based attacks grow in number, your organization needs a coherent web security system in place, with access control and credentialing policies to minimize your attack surface.
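The login-portal case described earlier, as an added detection example (not from Barracuda's report or from this post's author): it scores each client in a web access log on three signals from that case, namely an Internet Explorer on Windows 10 user agent, varying UTM parameters on the login URL, and repeated failed logins, and flags clients that show at least two. The combined log format, the `/login` path, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

IE_UA = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
CHROME_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36"
def _line(ip, target, status, ua):
    return f'{ip} - - [12/Oct/2021:10:00:00 +0000] "POST {target} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample log (combined log format, documentation IP ranges); not real traffic.
SAMPLE_LOG = "\n".join([
    _line("203.0.113.7", "/login?utm_source=xk3f9", 401, IE_UA),
    _line("203.0.113.7", "/login?utm_campaign=q8zl2", 401, IE_UA),
    _line("203.0.113.7", "/login?utm_medium=p0v7d", 401, IE_UA),
    _line("203.0.113.7", "/login?utm_source=m4t1c", 401, IE_UA),
    _line("198.51.100.20", "/login", 200, CHROME_UA),
    _line("198.51.100.33", "/login", 200, IE_UA),
])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
LOGIN_PATH, MIN_ATTEMPTS, MIN_FAIL_RATIO, MIN_UTM_VARIETY = "/login", 4, 0.75, 3  # assumed; tune to your baseline

def suspicious_login_clients(log_text):
    """Return {ip: [reasons]} for clients showing at least two of the three signals."""
    stats = defaultdict(lambda: {"attempts": 0, "fails": 0, "utm": set(), "ie": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or urlsplit(m["target"]).path != LOGIN_PATH:
            continue
        s = stats[m["ip"]]
        s["attempts"] += 1
        s["fails"] += m["status"] in ("401", "403")
        s["utm"].update(kv for kv in parse_qsl(urlsplit(m["target"]).query) if kv[0].startswith("utm_"))
        # IE 11 on Windows 10 sends both of these tokens in its User-Agent
        s["ie"] |= "Trident/" in m["ua"] and "Windows NT 10.0" in m["ua"]
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["attempts"] >= MIN_ATTEMPTS and s["fails"] / s["attempts"] >= MIN_FAIL_RATIO:
            reasons.append("repeated failed logins")
        if len(s["utm"]) >= MIN_UTM_VARIETY:
            reasons.append("varying UTM parameters on login URL")
        if s["ie"]:
            reasons.append("Internet Explorer user agent")
        if len(reasons) >= 2:
            flagged[ip] = reasons
    return flagged
```

Requiring two signals keeps a lone legacy-browser user (198.51.100.33 in the sample) from being flagged on the user agent alone.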


The good news is that, as malicious bot activity on the Internet has grown more sophisticated, defenses have grown appreciably more sophisticated too. AI and machine learning have allowed threat detection and prevention platforms to evolve rapidly over the past decade, from comparatively crude programs relying on simpler heuristics to detect zero-day and advanced threats, to agile systems that can detect and stop threats that haven't been previously seen.


Is your business at risk? Get in touch with Geek Housecalls today for a free security assessment and let us help you protect your critical online resources.
