TAP Into Technology | Blog

Bad Bots, Bad Bots - They're Coming For You

Posted by Tim O'Neill on 5/11/17 8:00 AM

Bad BotsSo, whatcha going to do when Bad Bots come for you?

According to a recent report by
Distil Networks, Inc.,the global leader in bot detection and migration, it seems like almost every website that has a login page has bad bots. Bad bots are the automated programs used by hackers, fraudsters and competitors to carry out a variety of activities.

To keep up on all the bad bot activity, Distil released its fourth bad bot report entitled “The 2017 Bad Bot report: If you Build it, They Will Come.” It is the most in-depth analysis on the levels of 2016’s bot activity.
The findings in the report suggest that websites that require a login are almost certain to be attacked, with 96% of such sites targeted by malicious bots. Bad bots are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and downtime.

Whatcha going to do?

Download Maximizing Visibility!

Key Findings Show What Effect Bots Had on all Traffic:

  • 40% of all web traffic in 2016 originated from bots. Bad bots alone were responsible for 20% of web traffic and increasingly impact large websites.

  • 76% of bad bots lie about coming from the most popular browsers, including Chrome, Safari Internet Explorer and Firefox.

  • 60% of bad bots come from data centers, as opposed to residential or mobile. Amazon is the top originating Internet Service Provider (ISP) for the third year in a row, with 16 %% of all bad bot traffic - four times more than the next ISP.

  • 16% of bad bots self-reported as mobile users. For the first time, Mobile Safari made the top five list of self reported user agents, outranking Web Safari.

  • 75% of bad bots were Advanced Persistent Bots (APBs). Today's APBs are either sophisticated in that they can load JavaScript, hold onto cookies, and load up external resources, or persistent, in that they can randomize their IP address, headers, and user agents.

The report also includes attributes that make specific websites appealing to bad bots, including: unique content and/or product and pricing information; sign-up, login, and account pages; payment processors; web forms, such as contact, discussion forums, and reviews.


How to Stop Bad Bots?

For smaller organizations, using WordPress or a CMS block bots requests with available plugins. This article by Perishable Press is a quick and easy resource to find free and paid plugins such as: Black holes, BBQs, advice for PHP, database driven sites, and how to access and analyze log files.

For corporate settings, implementing a web application firewall, (WAF) that is dedicated to defending incoming web-based traffic streams in real-time is imperative. You’re going to want to select a vendor with the ability to analyze and classify all incoming traffic to your website and can distinguish between human and bot traffic, and identifies the “good” the “bad” and the “suspected” bots.

Architecting Active, In-line Deployment of WAF and
Bypass Network TAP

Imperva Flow Bypass

In this scenario, the bypass network TAP is deployed between the live network traffic and Imperva’s SecureSphere WAF. By having both devices actively, in-line all traffic is inspected by the WAF. The network bypass TAP ensures network uptime, even in the event of security updates and maintenance.

Don’t let cyber-criminals steal your assets, ruin your reputation or comprise hard-won customer relationships. Learn how to mitigate risk with tips from our latest paper, Optimizing Network Design in Security Projects

Topics: Network Security, Hacks and Data Breaches