Once used primarily by search engines, automated bots now account for nearly two-thirds of all Internet traffic. This is according to new research by Barracuda, which found that bad bots, which carry out a range of malicious activities including web and price scraping, inventory hoarding, account takeover attacks, Distributed Denial of Service, DDoS, attacks, and more, now account for a staggering 40% of all Internet traffic.
Over the last year, owing to lockdowns and a growing emphasis by organisations on offering digital services, consumer’s utilisation of online shopping and other online services has skyrocketed. Attackers have been quick to attempt to exploit this popularity and Barracuda’s researcher found that eCommerce applications and login portals are now most targeted by advanced persistent bots.
While the Internet activity of bad bots now exceeds that of humans, attackers have been developing these automated programs in a manner that mimics human activity. Most notably, Barracuda’s research found that bad bot behaviour peaks during work hours, closely mirroring trends in human Internet utilisation. This is in sharp contrast to good bots are not trying to circumvent security defences and therefore maintain traffic rates that are fairly constant through the day.
Though the rise of public cloud has had an undeniably positive impact, it has also empowered cybercriminals. Barracuda’s research shows that most bot traffics now comes for the two large public cloud providers, Amazon Web Services, AWS, and Microsoft Azure, in roughly equal measure.
Barracuda’s report titled, Bot attacks: Top Threats and Trends, Insights into the growing number of automated attacks, explores emerging traffic patterns, live examples of bot behaviour and detection, and the steps organisations should take to protect their business.
Nitzan Miron, VP of Product Management, Application Security, Barracuda, said, “While some bots like search engine crawlers are good, the research shows that a much larger number of bots are dedicated to carrying out malicious activities at scale. When left unchecked, these bad bots can have serious consequences for businesses and ultimately lead to a breach. That is why it is critically important to be prepared to detect and block these attacks.”