Bad bots try to be more human
Bad bots are designed perform various malicious activities. These range from basic scrapers that try to get some data off an application -- and are easily blocked -- to more advanced persistent bots that try to evade detection.
Barracuda researchers have been tracking bots for several years and have identified some interesting recent trends not least that, like King Louie in The Jungle Book, they 'wanna be like you'.
Researchers have seen a significant amount of bad bot traffic (33 percent) coming from residential IP addresses. A lot of this is because bot creators are trying to hide in residential traffic by using someone else's IP address through proxies to try to bypass IP blocks.
This is used for activities like web scraping or other bot attacks. If attackers are doing something malicious, they don't want to do it from their own IP address due to traceability, so they end up using a site that provides anonymous residential IP ranges. The problem for residential users is that they may find themselves unable to pass CAPTCHAs from Google or Cloudflare because their IP has been used by one of these attackers and flagged for malicious activity.
Looking at all bot activity, the research shows that from January to June 2023, bots made up nearly half of internet traffic, with bad bots accounting for 30 percent. That's down from 2021 though when Barracuda research found that bad bots made up 39 percent of internet traffic.
Most bad bot traffic comes from the two large public clouds, AWS and Azure, this skews the geographic data toward North America which accounts for 72 percent of bad bot activity.
"When it comes to protecting against bot attacks, organizations can be overwhelmed at times due to the number of solutions required," writes Tushar Richabadas, senior product marketing manager, applications and cloud security, on the Barracuda blog. "The good news is that solutions are consolidating into Web Application and API Protection (WAAP) services. To protect your business, as well as your data, analytics, and inventory, you need to invest in WAAP technology that identifies and stops bad bots. This will improve both user experience and overall security."
You can read more on the Barracuda blog.
Image credit: Aleutie/depositphotos.com