Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Subsidiaries
  • Contact
    • Newsletter
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Subsidiaries
  • Contact
    • Newsletter
  • Blog

Cybersecurity Blog

Thought leadership. threat analysis, news and alerts.

How Internet Bots Can Hurt Your Business

8/29/2017

0 Comments

 
Internet bots
​

How Bad Internet Bots Can Hurt Your Business
​Over 50% of website visitors aren’t humans. According to Imperva Incapsula, 51.8% of the website traffic in 2016 came from bots, also known as web robots, internet bots or botnets.

What is a Bot

​A bot is a computer program that performs automated and repetitive tasks over the internet. Using a bot over the internet enables one to do things fast and on a grand scale.
 
Imperva Incapsula’s “Bot Traffic Report 2016” examined over 16.7 billion visits to 100,000 randomly-selected websites on the Incapsula network. The report showed that 48.2% of the online traffic in 2016 came from humans, while the 51.8% came from bots. Of the 51.8% bots traffic, 22.9% came from good bots and 28.9% came from bad bots.

The Good Bots

​Good bots are software programs that do positive things for your site. Four types of good bots dominate the internet today. These include feed fetchers, search engines, commercial crawlers and monitoring bots.

Feed Fetchers

​Feed fetchers are good bots that allow website content to be shown on mobile and web applications. They comprised 12.2% of the bots that crawl the internet today. 

Search Engines

​Search engine bots refer to good bots that regularly collect information from millions of websites and index the data collected into search result pages. Examples of these search engine bots are those bots from Google, Bing and Baidu. They comprised 6.6% of the bots that crawl the internet today.

Commercial Crawlers

​Commercial crawlers are good bots that are used for authorized data extractions – typically meant as a digital marketing tool. They comprised 2.9% of the bots that crawl the internet today.

Monitoring Bots

Monitoring bots refer to good bots that monitor the availability of the website and the proper functioning of the different website features. They comprised 1.2% of the bots that crawl the internet today.

The Bad Bots

​Bad bots are malicious software programs that can do damage to your site. The four types of bad bots that dominate the internet today are the impersonators, scrapers, spammers and hacker tools.

Impersonators

Impersonators are bad bots that assume false identities to bypass security systems. They are frequently used for Distributed Denial of Service (DDoS) attacks. They comprised 24.3% of the bots that crawl the internet today.
 
DDoS assaults are carried out by a botnet, referring to a group of hijacked computers – in many cases, Internet of Things (IoT) like CCTV cameras. By taking advantage of the security vulnerabilities of these internet-connected devices, cyber attackers remotely control these hijacked devices (unknown to the owners) and send huge volume of data to a victim website. In September 2016, the website of security blogger Brian Krebs was targeted by a massive DDoS attack, exceeding 620 gigabits per second (Gbps).
 
If your website is a victim of a DDoS attack, your legitimate human visitors won’t be able to access your website. When your legitimate visitor types your website address into a browser, he or she sends a request to the website's server to view the site. Your site’s server can only process a certain number of requests at once. So, when the DDoS attackers overload your site’s server with huge volume of requests, it can't process the massive requests, resulting in “denial of service” of your legitimate visitors.
 
When no one can access your website as a result of a DDoS assault, this can result in the following:

1. Revenue Loss
The average cost of downtime is $5,600 per minute, this according to an industry survey.
 
2. Productivity Loss
If your company is highly dependent on your web presence, a few minutes, hours or days of downtime can mean work stoppage for some of your staff.
 
3. Theft
DDoS attackers are getting sophisticated. Some DDoS assaults are used as “smokescreen” to hide the real intention, which could be to steal funds, steal customer data or steal intellectual property.
 
4. Reputation Damage
If your customer can’t access your website or if the DDoS attack resulted to breach of data of your customers, this can hurt your company’s brand.

Hacker Tools 

​Hacker tools are malicious bots that look for vulnerable websites that can be exploited for data theft and malware injection. They comprised 2.6% of the bots that crawl the internet today. An example of these hacker tools is the SQL injection.
 
According to the Open Web Application Security Project, “SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.”

Scrapers

​Scrapers are malicious bots used for unauthorized data extraction. These bots collect the entire database of your website, including original content and prices of the products you’re selling. They comprised 1.7% of the bots that crawl the internet today. When attackers scrape your entire website, this can result in a drop of your site’s competitive edge.

Spammers

​Spammers are malicious bots that inject spam links into your website, specifically into forums and comment sections. They comprised 0.3% of the bots that crawl the internet today. This type of malicious bots can cause long-term SEO damage to your website. According to Google, “If a site has been affected by a spam action, it may no longer show up in results on Google.com or on any of Google's partner sites.”
 
Based on Imperva Incapsula’s Bot Traffic Report 2016, every third website visitor for the last five years was an attack or malicious bot.
 
“Often, these assaults are the result of cybercriminals casting a wide net with automated attacks targeting thousands of domains at a time,” Imperva Incapsula said. “While these indiscriminate assaults are not nearly as dangerous as targeted attacks, they still have the potential to compromise numerous unprotected websites. Ironically, the owners of these websites tend to ignore the danger of bots the most, wrongfully thinking that their website is too ‘small’ to be attacked.”
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Categories

    All
    0-Day
    2FA
    Access Control
    AI
    ATP
    Awareness Training
    Botnet
    Bots
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Data Breach
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    IoT
    Malware
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security

    RSS Feed

1.888.900.DRIZ (3749)

Managed Services
Web Application Security
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
About us
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
Resources & Tools
​Incident Management Playbook
Privacy Policy | CASL
Copyright © 2020 Driz Group Inc. All Rights Reserved.
Photo used under Creative Commons from GotCredit