Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research

Bots are busy little bees on the Internet, and the world of mobile computing may be their next frontier.

According to new research from Distil Networks, 2014 was the first year that bots masking themselves as mobile web users began arriving in droves and a mobile carrier [T-Mobile USA] appeared on the list of the top 20 Internet Service Providers serving bad bot traffic.

Bots are busy little bees on the Internet, and the world of mobile computing may be their next frontier.

According to new research from Distil Networks, 2014 was the first year that bots masking themselves as mobile web users began arriving in droves and a mobile carrier [T-Mobile USA] appeared on the list of the top 20 Internet Service Providers serving bad bot traffic.

Overall, bad bots were responsible for more than eight percent of mobile web traffic, according to the report.

“Bots tend to follow the trends in real usage by a lag of six to twelve months,” said Rami Essaid, CEO and co-founder of Distil Networks. “For example, when Chrome started overtaking other web browsers, we saw the bots follow that trend…reporting themselves as Chrome. Now we’re seeing the same thing with mobile. We’re seeing bots running on mobile networks, as malware on end user devices, as well as farms of cheap mobile android devices. Also, mobile sites tend to be easier to scrape because they provide the bots with more structured access to data.”

While good bots such as search engine crawlers can benefit a site, bad bots are key culprits behind everything from unauthorized vulnerability scans to brute force attacks, according to Essaid.

“A bot is a tool; a mechanism by which to automate an action,” Essaid told SecurityWeek. “Hackers use it to break into accounts. Competitors use it for competitive data mining. The minimum threshold for a bad bot would be one that provides no value to the host. Kind of like a parasite. If you don’t provide value back to the site then it’s a bad bot. For example, if you had a retail store and people were secret shopping you, doing competitive intelligence, with no intent of buy anything, then you have a right to ask them to leave. “

The dataset in the report covers the 23 billion bad bot threats the company observed in 2014 as well as good bot and human traffic. The dataset resides in Distil’s Hadoop Cluster and includes data from hundreds of customers as well as Distil’s global network of 17 data centers, according to the company.

Overall, bots made up 59 percent of all web traffic in 2014, with roughly 22 percent of that traffic coming from bad bots. That percentage is actually a drop from 2013, when 24.22 percent of all web traffic could be traced to bad bots.

Advertisement. Scroll to continue reading.

In 2014, 41 percent of bad bots attempted to enter a website’s infrastructure disguised as legitimate human traffic. Twenty-three percent of them were categorized as ‘highly sophisticated’ and were immune to bot detection methods found in many Web application firewalls. Seven percent of bad bots disguised themselves as good bots such as Googlebot and Bingbot.

“Webmasters allow entry of the Googlebot to their website infrastructure for SEO purposes,” according to the report. “When a bad bot masked as the Googlebot enters a site, it can cause a wide range [of] problems without raising any alarms.”

The research can be read here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.