14 DAY TRIAL // The Internet is full of bots, some of which don't have your best interest at heart. In fact, bad bots attack 96% of websites with login pages and highly active within user accounts. This puts companies at risk of data theft, account takeover, and even fraud.
According to a new report from Distil Networks, a company that handles bot detection and mitigation, almost every website that has a login page is under attack from bad bots. These automated programs put at use by hackers and other cyber criminals can be quite efficient in their endeavors.
The report finds that websites requiring a login are almost certainly being attacked by bad bots. With a 96% attack rate, it's probably pretty easy to name such a site at the top of your head and get it right. These bad bots are used by competitors, hackers, and fraudsters, and they're most often than not to blame for web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and site downtime.
“Massive credential dumps like Ashley Madison and Yahoo, coupled with the increasing sophistication of bad bots, has created a world where bad bots are running rampant on websites with accounts,” said Rami Essaid, CEO and co-founder of Distil Networks. “Website defenders should be worried because once bad bots are behind the login page, they have access to even more sensitive data for scraping and greater opportunity to successfully carry out transaction fraud.”
The scary world of bots
The Internet is full of bots, both good and bad. In fact, their presence is so vast that 40% of all web traffic in 2016 came from bots. Bad bots alone were responsible for half that amount.
Data shows that 60% of bad bots come from data centers, not residential or mobile. Amazon is the top originating Internet Service Provider for the third year in a row, with 16% of all bad bot traffic. This is the about four times more than the next ISP.
There are many things that attract the actors putting these bad bots at work, but some patterns have been observed. The report shows that unique content and product and pricing information are quite attractive attributes to bad bots. Next, sites with sign-up, login and account pages are often being targeted too, as well as payment processors and sites that have web forms, such as contact, discussion forums or review sections.