Last year we discussed Imperva’s online bot and traffic statistics for 2022. At the time, they estimated that 42.3% of total web traffic consisted of online bots. Now, as of the 2023 reporting, a total of 49.6% of online traffic wasn’t human. This marks the fifth consecutive year in which levels have increased – and the figure is only expected to rise with the increased usage of Artificial Intelligence.
What is a Bot?
A bot is a software program that runs automated tasks and operates on the Internet. Usually, bots are used to perform simple and repetitive tasks in a manner much faster than any human could. It should be noted that some online bots are “good”, while others are “bad” and used to launch malicious attacks.
Good Bots
Good bots are a critical part of the internet’s ecosystem, serving an important purpose. An example of this is a search engine spider – or “web crawler” – allowing internet search companies (such as Google) to analyse millions of files on servers throughout the world. Around 15% of total web traffic consists of these good bots.
Bad Bots
Bad bots are malicious in intent. Bots can prove to be quite persistent on their targets, presenting a challenge for businesses that want to maintain smooth operations. Bots can impact bandwidth consumption, thus affecting the experience of a business’s legitimate customers visiting its site. OWASP, the Open Web Application Security Project, details an extensive list of automated threats that bots present, some of which include:
- Scraping data from sites without permission from site owners with the intent to reuse it to gain a competitive edge.
- Scalping stock from websites through automation, especially for limited availability items, and reselling them at a higher price.
- Creating distributed denial of service (DDoS) attacks targeted at networks or applications.
- Spamming website comments or emails with unsavoury comments and phishing links.
How do “Bad Bots” Operate?
Bad bots operate by attempting to interact with applications in the same way a legitimate human user would – masking themselves to avoid detection. This makes bots increasingly difficult to identify and block, especially with technology and bot methods advancing over the years. Through the nature of their automation, bots enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs.
It’s important to remember that these malicious online bots do not act on their own, but are the product of “bot operators”. These bot operators can range from antagonistic hobbyists who enjoy wreaking havoc, to immoral competitors wanting to gain an upper hand in their industry, to fraudsters utilising the online landscape to conduct their scams en masse.