Imperva: 1 in 3 Web Visitors is an Attack Bot

Every third visitor to a website is likely to be an attack bot – a trend which has persisted for the past five years, according to Imperva Incapsula.

The security firm’s Bot Traffic Report 2016 analyzed a sample of over 16.7 billion bot and human visits collected from 9 August to 6 November 2016, from 100,000 randomly chosen domains on the Incapsula network.

It claimed that, while not as dangerous as targeted attacks, “indiscriminate” bot-driven campaigns have the potential to compromise large numbers of sites that are poorly protected.

Out of the 100,000 domains sampled, 94% experienced at least one bot attack over the survey period.

For the fifth year in a row, “impersonator bots” were the most common, compromising 24% of all traffic on the Incapsula network and 84% of all bad bot attacks.

Typically it requires little effort on the part of the black hats to mask their bots as legitimate visitors and in so doing bypass traditional security filters, Imperva Incapsula claimed.

As such, they’re used most frequently to launch DDoS attacks, with notable examples being Nitol, Cyclone and the infamous IoT-botnet Mirai, but they can also be used to compromise sites and carry out acts such as ticketing fraud, purchasing large numbers of online tickets which can then be resold by scalpers at a profit.

Igal Zeifman, security evangelist at Imperva Incapsula, argued that intelligent traffic filtering is essential to mitigating the bot threat – but only solutions which can cross-reference multiple signals, including on-site behavior.

“Most DIY solutions, however, are based on indiscriminately blocking visitors based on the content of their user-agent headers. It's an outdated method that's prone to false positives and is ultimately ineffective against the majority of attackers,” he told Infosecurity.

“In our study we mention the Nitol DDoS bots, which we recorded using over 14,000 different user-agent variants and 17 identities. This is an extreme example, but it helps showcase just how inept the DIY option is when facing increasingly sophisticated malicious bots.”

Bots aren’t all bad, of course, and Imperva found the number of good bots had grown from 19.5% of all traffic in 2015 to 22.9% last year. They’re used for things like ferrying website content to mobile and web apps, collecting info for search engine algorithms and digital marketing.

What’s Hot on Infosecurity Magazine?