Distil Network’s sixth annual Bad Bot Report has found that the bad bot attack sophistication is continuing to evolve as advanced attackers learn to adapt their techniques in order to invalidate existing defence tactics.
Distil Networks has released its annual Bad Bot Report titled, ‘Bad bot report 2019: The bot arms race continues.’
The report investigates hundreds of billions of bad bot requests from 2018 over thousands of domains, to provide deeper insight into the daily automated attacks wreaking havoc on websites, mobile apps and APIs.
“Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before,” said Tiffany Olson Kleemann, CEO of Distil Networks.
“As sophistication strengthens, so too does the breadth of industries impacted by bad bots. While bot activity on industries like airlines and ticketing are well-documented, no organisation – large or small, public or private – is immune.
“When critical online activity, like voter registration, can be compromised as a result of bad bot activity, it no longer becomes a challenge to tackle tomorrow.”
Now is the time to understand what bots are capable of and now is the time to act.
Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind account takeovers or hijacking, web scraping, brute-force attacks, competitive data mining, transaction fraud, data theft, spam, digital ad fraud and downtime.
Produced by the Distil Research Lab, a team of dedicated analysts who examine the most sophisticated automated threats for some of the world’s most attacked websites, this report underscores the increasing pervasiveness of bad bots, revealing that no industry is safe from malicious bot activity.
Key findings from the 2019 Bad Bot report:
- In 2018, bad bots accounted for 1 in 5 website requests (20.4% of web traffic). Good bots decreased slightly to make up 17.5% of traffic.
- 6% of bad bots are classified as Advanced Persistent Bots (APBs), which are characterised by their ability to cycle through random IP addresses, enter through anonymous proxies, change their identities and mimic human behaviour.
- Nearly half (49.9%) of bad bots report their user agent as Chrome. Mobile browsers, such as Safari Mobile, Android and Opera increased from 10.4% last year to 13.9%.
- Amazon is the leading ISP for originating bad bot traffic. In 2018, 18% of bad bot traffic originated from Amazon compared with 10.62% the previous year.
- Despite the fact that 53.4% of bot traffic originates from the United States, Russia and Ukraine combined make up nearly half (48.2%) of country-specific IP block requests.
This year’s report provides a comprehensive breakdown of some of the top industries impacted by bots and the specific challenges they face.
To download a full copy of Distil Network's report, visit: https://resources.distilnetworks.com/white-paper-reports/bad-bot-report-2019