Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bot Traffic. Show all posts

The Rise of Bots: Imperva's Report Reveals Rising Trends in Internet Traffic

 

In the intricate tapestry of the digital realm, where human interactions intertwine with automated processes, the rise of bots has become an undeniable phenomenon reshaping the landscape of internet traffic. Recent findings from cybersecurity leader Imperva unveil the multifaceted nature of this phenomenon, shedding light on the complex interplay between legitimate and malicious bot activities.
 
At the heart of Imperva's report lies a staggering statistic: 49.6% of global internet traffic originates from bots, marking the highest recorded level since the company commenced its analysis in 2013. This exponential surge in bot-driven activity underscores the growing reliance on automated systems to execute tasks traditionally performed by humans. From web scraping to automated interactions, bots play a pivotal role in shaping the digital ecosystem. 

However, not all bots operate with benign intentions. Imperva's study reveals a troubling trend: the proliferation of "bad bots." These nefarious entities, comprising 32% of all internet traffic in 2023, pose significant cybersecurity threats. Nanhi Singh, leading application security at Imperva, emphasizes the pervasive nature of these malicious actors, labeling them as one of the most pressing challenges facing industries worldwide. 

Bad bots, armed with sophisticated tactics, infiltrate networks with the aim of extracting sensitive information, perpetrating fraud, and spreading misinformation. From account takeovers to data breaches, the repercussions of bot-driven attacks are far-reaching and detrimental. Alarmingly, the report highlights a 10% increase in account takeovers in 2023, underscoring the urgency for proactive security measures. 

Geographical analysis further elucidates the global landscape of bot activity. Countries such as Ireland, Germany, and Mexico witness disproportionate levels of malicious bot traffic, posing significant challenges for cybersecurity professionals. Against this backdrop, organizations must adopt a proactive stance, implementing robust bot management strategies to safeguard against evolving threats. While the rise of bots presents formidable challenges, it also heralds opportunities for innovation and efficiency. 

Legitimate bots, such as AI-powered assistants like ChatGPT, enhance productivity and streamline processes. By leveraging generative AI, businesses can harness the power of automation to drive growth and innovation. Imperva's report serves as a clarion call for stakeholders across industries to recognize the complexities of internet traffic and adapt accordingly. 

As bot-driven activities continue to proliferate, a holistic approach to cybersecurity is imperative. From advanced threat detection to stringent access controls, organizations must fortify their defenses to mitigate risks and safeguard against evolving threats. 

Imperva's comprehensive analysis sheds light on the multifaceted nature of internet traffic dominated by bots. By understanding the nuances of bot behavior and implementing proactive security measures, businesses can navigate the digital landscape with confidence, ensuring resilience in the face of emerging cyber threats.

GPS Warfare: Ukraine-Israel Tensions Raise Alarms

GPS is used for navigation in almost every device in this age of rapid technological development. Israel may have been involved in recent GPS jamming and spoofing occurrences in Ukraine, according to reports that have revealed a worrying trend. These accidents constitute a serious threat to the worldwide aviation sector and a topic of regional concern. 

The New York Times recently reported on the growing instances of GPS disruptions in Ukraine, shedding light on the potential involvement of Israeli technology. According to the report, Israel has been accused of jamming and spoofing GPS signals in the region, causing disruptions to navigation systems. The motives behind such actions remain unclear, raising questions about the broader implications of electronic warfare on international relations. 

The aviation sector heavily relies on GPS for precise navigation, making any interference with these systems potentially catastrophic. GPS jamming and spoofing not only endanger flight safety but also have the capacity to disrupt air traffic control systems, creating chaos in the skies.

The aviation industry relies heavily on GPS for precision navigation, and any interference with these systems can have dire consequences. GPS jamming and spoofing not only jeopardize the safety of flights but also can potentially disrupt air traffic control systems, leading to chaos in the skies.

The implications of these incidents extend beyond the borders of Ukraine and Israel. As the world becomes increasingly interconnected, disruptions in one region can reverberate globally. The international community must address the issue promptly to prevent further escalations and ensure the safe operation of air travel.

Governments, aviation authorities, and technology experts need to collaborate to develop countermeasures against GPS interference. Strengthening cybersecurity protocols and investing in advanced technologies to detect and mitigate electronic warfare threats should be a priority for nations worldwide.

Preserving vital infrastructure, like GPS systems, becomes crucial as we manoeuvre through the complexity of a networked world. The GPS jamming events between Israel and Ukraine serve as a sobering reminder of the gaps in our technology and the urgent necessity for global cooperation to counter new threats in the digital era.

Bad Bot Traffic is Significantly Contributing to Rise of Online Scam

 

Recently, many organizations have been left wrestling with the challenge of overcoming the rise in bot traffic, which is also sometimes referred to as non-human traffic. According to an Imperva analysis, bad bots, or software applications that conduct automated operations with malicious intent, accounted for a record-breaking 27.7% of all global internet traffic in 2021, up from 25.6 percent in 2020. Account takeover (ATO), content or price scraping, and scalping to purchase limited-availability items were the three most typical bot attacks. 

Bot traffic has the potential to damage organisations if they do not learn how to recognise, control, and filter it. Sites that rely on advertising in addition to sites that sell limited-quantity products and merchandise are particularly vulnerable. Bad bots are frequently the first sign of online fraud, posing a threat to both digital enterprises and their customers. 

Evasive bad bots accounted for 65.6 percent of all bad bot traffic in 2021, a grouping of moderate and advanced bad bots that circumvent ordinary security protections. This type of bot employs the most advanced evasion strategies, such as cycling through several IP addresses, using anonymous proxies, changing identities, and imitating human behaviour. 

Bad bots make it possible to exploit, misuse, and assault websites, mobile apps, and APIs at high speed. Personal information, credit card details, and loyalty points can all be stolen if an attack is successful. Organizations' non-compliance with data privacy and transaction requirements is exacerbated by automated misuse and online fraud. 

Bad bot traffic is increasing at a time when businesses are making investments to improve online customer experiences. More digital services, greater online functionality, and the creation of broad API ecosystems have all emerged.

Unfortunately, evil bot operators will use this slew of new endpoints to launch automated assaults. The key findings of the research are:
  • Account takeover grew148% in 2021: In 2021, 64.1% of ATO attacks used an advanced bad bot. Financial Services was the most targeted industry (34.6%), followed by Travel (23.2%). The United States was the leading origin country of ATO attacks (54%) in 2021. The implications of account takeover are extensive; successful attacks lock customers out of their accounts, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.
  • Travel, retail, and financial services targeted by bad bots: The volume of attacks originating from sophisticated bad bots was most notable across Travel (34.2%), Retail (33.8%), and Financial Services (8.8%) in 2021. These industries remain a prime target because of the valuable personal data they store behind user login portals on their websites and mobile apps.
  • The proportion of bad bot traffic differs by country: In 2021, Germany (39.6%), Singapore (39.1%), and Canada (30.2%) experienced the highest volumes of bad bot traffic, while the United States (29.1%) and the United Kingdom (29.7%) were also higher than the global average (27.7%) of bad bot traffic.
  • 35.6% of bad bots disguise as mobile web browsers: Mobile user agents were a popular disguise for bad bot traffic in 2021, accounting for more than one-third of all internet traffic, increasing from 28.1% in 2020. Mobile Safari was a popular agent in 2021 because bots exploited the browser’s improved user privacy settings to mask their behaviour, making them harder to detect.
According to the findings, no industry will be immune to negative bot activity in 2021. Bots hoarding popular gaming consoles and clogging vaccine appointment scheduling sites gained attention in 2021, but any degree of bot activity on a website can create considerable downtime, degrade performance, and reduce service reliability.

Attackers UtilizingDefault Credentials to Target Businesses, Raspberry Pi and Linux Top Targets

 

While automated attacks remain a major security concern to enterprises, findings from a Bulletproof analysis highlight the challenge created by inadequate security hygiene. According to research conducted in 2021, bot traffic currently accounts for 70% of total web activity.

Default credentials are the most popular passwords used by malicious attackers, acting as a 'skeleton key' for criminal access. With attackers increasingly deploying automated attack methods 

Brian Wagner, CTO at Bulletproof stated, “On the list are the default Raspberry Pi credentials (un:pi/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue – default credentials are still not being changed.”

“Using default credentials provides one of the easiest entry points for attackers, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow attackers to avoid detection and makes investigating and monitoring attacks much harder.” 

According to the findings, attackers are continuously utilising the same typical passwords to gain access to systems. Some are default passwords that haven't been updated since the company started using them. The RockYou database leak from December 2009 is accountable for a quarter of all passwords used by attackers today. This degree of activity suggests that these passwords are still valid. 

During the period of the research, threat actors started almost 240,000 sessions. The top IP address, which came from a German server, started 915 sessions and stayed on the Bulletproof honeypot for a total of five hours. Another attacker spent 15 hours on the honeypot, successfully logging in 29 times with more than 30 different passwords. In sum, 54 per cent of the more than 5,000 distinct IP addresses had intelligence indicating they were bad actor IP addresses.

Wagner continued, “Within milliseconds of a server being put on the internet, it is already being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server.” 

“Although some of our data shows legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts. These insights, combined with our data, highlight the importance of proactive monitoring to ensure you are aware of the threats to your business on a daily basis, as well as a tried and tested incident response plan.”