What to Know
Distil Networks released its annual Bad Bot Report today, investigating billions of bad bot requests online
Researchers found bad bots were responsible for 1 in 5 website requests in 2018
Bad bots are primarily targeting websites for companies in the financial, education, and event ticketing industries
Bots — they’re tiny, often undetectable, and they’re causing chaos across all corners of the internet. Now, a new report from an online security firm with operations in San Francisco finds bots are more prevalent than ever before.
Today, Distil Networks released its annual Bad Bot Report, an analysis of what it describes as "hundreds of billions of bad bot requests" attacking websites and mobile phone apps. Distil says these invisible armies are now making up a whopping 20% of all web traffic — with about one in five website requests coming from a bot.
"Bot operators and bot defenders are playing an incessant game of cat and mouse," said Tiffany Olson Kleeman, Distil Networks’ CEO. "Techniques used today, such as mimicking mouse movements, are more human-like than ever before."
A "bot" is a small, autonomous computer program designed to imitate human behavior, to manipulate online services, such as banks and event ticket sellers. Millions of bots can work together in order to accomplish the goals of hackers, corporate spies, and other criminal actors.
Distil identified Amazon as the largest internet service provider originating bad bot traffic. Researchers claim 18% of all bad bots could be traced back to online systems hosted by Amazon, which is one of the world’s largest web service providers. Amazon did not immediately respond to an NBC Bay Area request for comment on the Distil study.
Distil says bad bots specifically go after a number of key industries, as hackers hope to penetrate their website defenses and take over user accounts or steal data. Banks and financial services remain a favorite target for bad bot operators, as they generate more than 42% of traffic to such websites. Event admission ticket sellers — like sports teams and concert venues — saw similar results, as bot users aggressively try to snatch up tickets and resell them at inflated prices.
Bots are even penetrating industries you might not expect. Researchers noted growth of bad bot activity on websites for education, health care, and advertising providers.
"Bad bots continuously target all of these industries daily, with defenses requiring constant optimization," the Distil report authors wrote. "Some are hit by sophisticated bots that repeatedly perform a specific task, such as checking credit card numbers. Another may be scraped for pricing content, while a third may be victimized by bad bots checking gift card balances."
The entire Distil report can be read here.