Bad Bots – What Are They And Where Do They Come From?

Bots Report

Bad Bots

A ‘bot’, short for ‘web robot’, is a small software application that can run automated tasks over the internet. Their primary function is to fetch script and analyse web server information at a considerably faster rate than a human could achieve.

Unfortunately, cyber-criminals have been quick to take advantage of the technology. ‘Bad Bots’ are now considered to be one of the most sophisticated types of crime-ware facing the internet today.

Founded in 2011, Distil Networks is the leading public and private cloud security provider for blocking malicious bots and other automated computer programs from attacking a website. They have just released a new report titled ‘The Bad Bot Landscape’. The report analyses their own extensive database to reveal key information about the sources and uses of bad bots in 2014.

CloudTweaks takes a look at some of their findings…

Where Do Bots Come From?

Historically it has been presumed that the vast majority of bad bots originate in three places – Russia, China, and India. The assumption has always been that countries with a below-average level of internet security are a perfect location from which cyber-criminals could base their activities.

Interestingly, Distil’s report disproves the theory, instead finding that these countries only occupy the fifth, eighth, and seventeenth spots on the list respectively. Remarkably, the top four countries on the list are all places that are considered to have excellent levels of internet security and cyber-criminal defence – specifically the US, the UK, Germany and the Netherlands.

Distil point out that the main consequence of this finding is that owners of websites should not try to block traffic based on its country of origin. It is an ineffective method that bot owners will easily be able to circumnavigate.

Bad Bots

Which Hosting Providers and ISPs Do Bots Originate From?

Yesterday we looked at cloud-based fraud, and one of our conclusions was that hosting could be purchased cheaply and anonymously by criminals by using a stolen credit card. For this same reason, hosting providers are also highly popular amongst bot creators. The knock-on effect of this is that ISPs that provide bandwidth to hosting providers are the origin a large percentage of bad bot traffic.

In their report, Distil noted 1,132 organisations that could be classified as either an ISP or hosting provider which have at least 70 percent of their entire traffic volume consumed by bad bots. Some companies, such as SWITCH communications Group and SoftLayer Dutch Holdings, are close to 100 percent – clocking in at worrying 96.41 percent and 97.61 percent respectively.

They conclude that the commonly held belief that blocking the world’s largest hosting sites, such as Amazon Web Services, will protect against the majority of bad bots is actually a fallacy. Only 14.28 percent of the world’s bad bot traffic originates from Amazon, meaning this methodology would still leave you exposed to 85 percent of bad bot traffic.

Distil claim that even if an organisation blocks the worst offending ISPs and hosting providers, they would still be exposed to 40 percent of the world’s bad bots – that’s roughly 2.1 billion malicious codes.

What steps do you take to protect yourself from bad bots? Have you experienced a cyber-criminal attack in your organisation? Let us know in the comments below.

By Daniel Price

Atman Rathod

How APIs and Machine Learning are Evolving? 

Machine Learning Continues to Make API Development Better  For any developer, API or Application Programming Interfaces come as the helpful components to add valuable features and functionalities with the app they develop. API in many ...
Juan Pablo Perez Etchegoyen

69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security matters According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These migrations are massively complex and take meticulous planning to ensure ...
The Top 20 Cybersecurity Startups To Watch In 2021

The Top 20 Cybersecurity Startups To Watch In 2021

20 Cybersecurity Startups Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout ...
The Top 20 Machine Learning Startups To Watch In 2021

The Top 20 Machine Learning Startups To Watch In 2021

Machine Learning Startups There are a record number of 9,977 machine learning startups and companies in Crunchbase today, an 8.2% increase over the 9,216 startups listed in 2020 and a 14.6% increase over the 8,705 ...
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175) ...
Marty

Digital Transformation: Adapting Your Business Online

The Age of Digital Transformation There is little doubt that the transition to cloud computing is driving an insatiable demand for digital transformation. Countless organizations around the world are embarking on a program to change ...