Tag Archive for: Bots

39% of all internet traffic is from bad bots


Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.


These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals.

Bad bots internet traffic by location

The report also included a breakdown of bad bot traffic by location. It revealed that North America accounts for 67% of bad bot traffic, followed by Europe (22%) and then Asia (7.5%).


Interestingly, the European bot traffic was more likely to come in from hosting services (VPS) or residential IPs than the North American traffic, most of which originated from public data centres.

Most bot traffic comes in from AWS and Microsoft Azure

The research also revealed that most bot traffic comes in from the two largest public cloud vendors, AWS and Microsoft Azure, in roughly equal measure. This is likely because it is easy to set up a free account with either provider, and then use the account to set up the bad bots.

Finally, researchers observed that bad bot traffic tends to follow the standard workday, allowing them to hide within normal human traffic streams to avoid raising alarm bells.

Nitzan Miron, VP of Product Management, Application Security, Barracuda said: “While some bots like search engine crawlers are good, our research shows that over 60% of bots are dedicated to carrying out malicious activities at scale. When left unchecked, these bad bots can steal data, affect site performance, and even lead to a breach. That’s why it’s critically important to detect and effectively block bot traffic.”

Source…

Bots are broadening the digital divide


From Joe Biden pledging to “close the digital divide”, to the UK almost halving the number of homes without internet access in 2020, governments worldwide are convinced that access to online services is essential for a fairer, more productive society and economy. But this isn’t the whole story.

About the author

Chris Waynforth is Area Vice President at Imperva.

Just being online doesn’t guarantee everyone the same access to products and services. People with the right technical knowledge are better positioned to buy products and access services, and bots are a growing reason for it.

A bot-driven economy widens the gap between the “haves” and “have nots”

Source…

New cryptomining malware builds an army of Windows, Linux bots



A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.

First spotted by Alibaba Cloud (Aliyun) security researchers in February (who dubbed it Sysrv-hello) and active since December 2020, the botnet has also landed on the radars of researchers at Lacework Labs and Juniper Threat Labs after a surge of activity during March.

While, at first, it was using a multi-component architecture with the miner and worm (propagator) modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.

Sysrv-hello’s propagator component aggressively scans the Internet for more vulnerable systems to add to its army of Monero mining bots with exploits targeting vulnerabilities that allow it to execute malicious code remotely.

The attackers “are targeting cloud workloads through remote code injection/remote code execution vulnerabilities in PHPUnit, Apache Solr, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts to gain initial access,” Lacework found.

After hacking into a server and killing competing cryptocurrency miners, the malware will also spread over the network in brute-force attacks using SSH private keys collected from various locations on infected servers.

“Lateral movement is conducted via SSH keys available on the victim machine and hosts identified from bash history files, ssh config files, and known_hosts files,” Lacework added.

Sysrv-hello attack flow (Lacework)

Vulnerabilities targeted by Sysrv-hello

After the botnet’s activity surged in March, Juniper identified six vulnerabilities exploited by malware samples collected in active attacks:

  • Mongo Express RCE (CVE-2019-10758)
  • XML-RPC (CVE-2017-11610)
  • Saltstack RCE (CVE-2020-16846)
  • Drupal Ajax RCE (CVE-2018-7600)
  • ThinkPHP RCE (no CVE)
  • XXL-JOB Unauth RCE (no CVE)

Other exploits used by the botnet in the past also include:

  • Laravel (CVE-2021-3129)
  • Oracle WebLogic (CVE-2020-14882)
  • Atlassian Confluence Server (CVE-2019-3396)
  • Apache Solr (CVE-2019-0193)
  • PHPUnit (CVE-2017-9841)
  • Jboss…

Source…

Beating the bad bots: Six ways to identify and block spam traffic


Advancements in technology have helped us propel forward, changing the way we work and live our daily lives. However, its rapid adoption has led to less sombre means. We have all seen and participated in those various bot tests that some websites carry out, where we have to select the picture tiles which have particular objects. This is to control the usage of the site and reduce spam traffic.

Spam traffic is used in some cases by cybercriminals to commit scams and fraud, and has become a tool for phishing scams and the spread of malware. It is problematic because it is inexpensive to create and send. In 2020, spam messages accounted for a colossal 58.71 percent of email traffic as the graph above indicates.

What is a bad bot?

Source…