Almost every website with a login page is under attack from bad bots, the automated programs used by hackers, fraudsters and competitors to carry out a variety of nefarious activities, according to a new report from Distil Networks, Inc.
Distil released its fourth Bad Bot Report titled, “The 2017 Bad Bot Report: If You Build It, They Will Come.” It serves as the IT security industry's most in-depth analysis on the sources, types and sophistication levels of 2016’s bot activity.
The report found that websites requiring a login are almost certain to be attacked by bad bots, with 96% of such sites targeted by malicious bots. Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and downtime.
Bad Bots By The Numbers:
- 40% of all web traffic in 2016 originated from bots
- 76% of bad bots lie about coming from the most popular browsers
- 60% of bad bots come from data centers, as opposed to residential or mobile.
- 16% of bad bots self-reported as mobile users
- 75% of bad bots were Advanced Persistent Bots (APBs)
The report also includes attributes that make specific websites appealing to bad bot actors. Websites that have one of the following attributes are most attractive to bad bots:
- Unique content and/or product and pricing information
- Sign-up, login, and account pages
- Payment processors
- Web forms, such as contact, discussion forums, and reviews
The findings are based on 2016 data collected from Distil Networks’ global network, and includes hundreds of billions of bad bot requests, anonymized over thousands of domains.