- The best foldable phones of 2024: Expert tested and reviewed
- Redefining customer experience: How AI is revolutionizing Mastercard
- The Apple Pencil Pro has dropped down to $92 on Amazon ahead of Black Friday
- This tiny USB-C accessory has a game-changing magnetic feature (and it's 30% off)
- Schneider Electric ousts CEO over strategic differences
Bad Bots Focus Attacks on E-Commerce Targets
Nearly two-fifths (39%) of all internet traffic is comprised of “bad bot” activity, with e-commerce assets most at risk of attack, according to a new report from Barracuda Networks.
The security vendor’s Bot attacks: Top Threats and Trends report revealed that automated traffic accounts for the vast majority (64%) of all internet traffic today — including search engine crawlers and social media bots.
However, only a quarter (25%) of this can be labelled “good bot” activity. Much more is the result of automated scripts attempting account hijacking, web scraping and much more.
Most of the traffic analyzed in the report came from AWS and Azure public clouds, which it’s claimed make it easy for threat actors to set up accounts for their malicious bot activity.
North America accounted for 67% of bad bot traffic, followed by Europe and Asia. However, in Europe, malicious bots are more likely to come from hosting services or residential IPs, the report said.
Although automated, these attacks are designed to follow a normal workday so as to blend into other traffic.
Examples provided by Barracuda included a bad bot probing for security vulnerabilities by masquerading as a legitimate vulnerability scanner, and another brute forcing the login page of a medical service provider with stolen credentials.
Others included a web scraping bot attempting to steal information from a B2B e-commerce store, and another doing the same with pricing information (aka “price scraping”) on an Eastern European e-commerce site.
In fact, Barracuda warned that e-commerce apps and login portals are the most common target of advanced persistent bots — which are harder to detect as they closely imitate human behavior.
“When left unchecked, these bad bots can steal data, affect site performance, and even lead to a breach,” explained Barracuda’s VP of product management, application security, Nitzan Miron.
“That’s why it’s critically important to detect and effectively block bot traffic.”
An Imperva report from April this year claimed that bad bots might even be used by unscrupulous scalpers to buy-up in-demand COVID-19 PPE to profit from the pandemic.