Fake web traffic gets more sophisticated

Bots have been around for a long time, but they're now much more sophisticated, capable of mimicking human behavior, evading detection, and perpetrating a wide range of malicious activities.

A new report from CHEQ shows that latest bots are able to scrape data without permission, inflate engagement metrics, commit fraud, and compromise the security and integrity of websites, mobile apps, and APIs.

Analysis of fake traffic carried out across thousands of domains in 2023 shows that 17.9 percent of all observed traffic was automated or invalid, a 58 percent increase from the previous year when it was 11.3 percent.

There has also been a year-on-year overall increase in fake traffic of 58 percent and a 28 percent increase in bots, with malicious bots up 32 percent. Some industries see more fake traffic that others, notably retail, software, and finance, come in above most at 15.8 percent, 14.1 percent, and 17.3 percent respectively.

The report breaks down fake traffic into three broad categories, bots accounting for 49.1 percent, suspicious traffic (42.3 percent) and malicious traffic (8.6 percent).

Interestingly basic browser automation tools account for 24.05 percent of all fake traffic. The retail and eCommerce sectors suffer the highest incidence by volume, suggesting the widespread use of these tools for scraping and abuse. Selenium, a popular open-source browser automation framework, and Marionette, Mozilla's automation driver are the most commonly detected.

Windows Desktop, a perennial favorite of enterprise attackers, dominates by sheer volume, making up 34 percent of all fake traffic. However, perhaps surprisingly, Linux machines outperform all others (except niche platforms) in terms of the sheer rate of invalid traffic; user agents claiming to be Linux machines come in at 68 percent fake.

The report's authors note, "Linux is likely popular among bad actors due to the availability of compromised Linux servers and devices that are part of botnets. These machines can be controlled remotely to perform various malicious activities, including generating fake traffic. The open-source nature of Linux might also provide more flexibility for the customization and deployment of malicious software."

The full report is available from the CHEQ site.

Photo credit: Stuart Miles/Shutterstock