Distil Networks Releases Fourth Annual Bad Bot Report, Revealing Bad Bots Most Prevalent on Websites with Login Pages

March 15, 2017


San Francisco, CA – March 16, 2017 – Almost every website with a login page is under attack from bad bots, the automated programs used by hackers, fraudsters and competitors to carry out a variety of nefarious activities, according to a new report from Distil Networks, Inc., the global leader in bot detection and mitigation.

Today, Distil released its fourth Bad Bot Report titled, “The 2017 Bad Bot Report: If You Build It, They Will Come.” It serves as the IT security industry's most in-depth analysis on the sources, types and sophistication levels of 2016’s bot activity.

The report found that websites requiring a login are almost certain to be attacked by bad bots, with 96 percent of such sites targeted by malicious bots. Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and downtime.

“Massive credential dumps like Ashley Madison and Yahoo, coupled with the increasing sophistication of bad bots, have created a world where bad bots are running rampant on websites with accounts,” said Rami Essaid, CEO and co-founder of Distil Networks. “Website defenders should be worried because once bad bots are behind the login page, they have access to even more sensitive data for scraping and greater opportunity to successfully carry out transaction fraud.”

Key Findings:

Bad Bots By The Numbers:

  • 40% of all web traffic in 2016 originated from bots. Bad bots alone were responsible for 20% of web traffic and increasingly impact large websites.
  • 76% of bad bots lie about coming from the most popular browsers, including Chrome, Safari, Internet Explorer and Firefox.
  • 60% of bad bots come from data centers, as opposed to residential or mobile. Amazon is the top originating Internet Service Provider (ISP) for the third year in a row, with 16% of all bad bot traffic—four times more than the next ISP.
  • 16% of bad bots self-reported as mobile users. For the first time, Mobile Safari made the top five list of self-reported user agents, outranking Web Safari.
  • 75% of bad bots were Advanced Persistent Bots (APBs). Today’s APBs are either sophisticated in that they can load JavaScript, hold onto cookies, and load up external resources, or persistent, in that they can randomize their IP address, headers, and user agents.

Automated Threats in Detail:

  • 97% of websites with proprietary content and/or pricing are being hit by unwanted scraping.
  • 90% of websites were hit by bad bots that were behind the login page, including websites with account login sections, payment portals, and transaction platforms.
  • 31% of websites with forms are hit by spam bots, which damages customer experience, affects brand perception, and diverts traffic off the site.

The report also includes attributes that make specific websites appealing to bad bot actors. Websites that have one of the following attributes are most attractive to bad bots:

  • Unique content and/or product and pricing information
  • Sign-up, login, and account pages
  • Payment processors
  • Web forms, such as contact, discussion forums, and reviews

The findings are based on 2016 data collected from Distil Networks’ global network, and include hundreds of billions of bad bot requests, anonymized over thousands of domains.

To download a full copy of the report, visit https://resources.distilnetworks.com/whitepapers/2017-bad-bot-report.

To learn more, register for the upcoming webinar “Distil Networks 2017 Bad Bot Report -- 6 High Risk Lessons for Website Defenders,” taking place on Tuesday, March 21, at 10AM PT/1PM ET. https://www.brighttalk.com/webcast/13493/245997

 

About Distil Networks
Distil Networks, the global leader in bot detection and mitigation, is the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. Distil protects against web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Slash the high tax that bots place on your internal teams and web infrastructure and make your online applications more secure with API security, real-time threat intelligence, a 24/7 security operations center, and complete visibility and control over human, good bot, and bad bot traffic. For more information on Distil Networks, visit us at www.distilnetworks.com or follow @DISTIL on Twitter.

 