14 DAY TRIAL // Distil Networks, a company specialized in bot detection and mitigation, has released today its third annual report detailing bot activity on the Internet.
The report shows that, during 2015, the number of bots, both good and bad, went down compared to the previous year, with Distil's telemetry data detailing that 46% of the whole Internet traffic is accounted for by bots, with 18% being "bad bots."
2015 is the first time since 2013 when humans outnumbered bots on the World Wide Web, but the company is not viewing this as a positive thing, also noticing a rise of Advanced Persistent Bots (APBs), which accounted for 88% of all the malicious bad bot traffic.
Modern bots can easily pass as humans for analytics and WAF services
APBs are bots capable of mimicking human behavior and performing a wide range of technical operations, previously thought as too complex for meager bots.
This list includes the ability to load JavaScript, load external assets, tamper with cookies, perform browser automation, spoof IP addresses and use custom user agents. Additionally, APBs can also dynamically change IPs to evade detection, either by using TOR or proxy services.
According to data gathered by Distil's staff, 53% of these bots can now load JavaScript, 36% can change user agents, 39% can mimic a human's interaction with a Web page, while a whopping 73% can rotate IPs to hide their origin source. Of this latter category, 20% were even seen using more than 100 different IPs per campaign.
The digital publishing industry is decimated by bot traffic
In most cases, the crooks behind these bad bot campaigns were preferring to use Chrome's user-agent to pass as legitimate traffic, taking advantage of it in 26% of all detected instances.
Most bots targeted medium-sized websites, where they accounted for 26% of the entire traffic.
The vast majority of this bot traffic originated from the US, mainly hosted on Amazon's AWS infrastructure. China's ISP also contributed a large amount of traffic, but the good news is that Comcast and Time Warner cleaned up their act and have fallen off the top 20 origin ISP list.
As for their targets, the hardest-hit industry was digital publishing, where bots account for 31% of the entire traffic. During 2015, the industry that saw the biggest rise in bot traffic was real estate, where bot traffic grew 300%.
For more details, the full 16-page 2016 Bad Bot Landscape Report: The Rise of Advanced Persistent Bots is available on Distil Networks' site.
