Perhaps you are like me; I get tired of having to prove that I’m a human when I visit certain websites. As annoying as it may be, especially trying to read CAPTCHA figures and get them correct on the first try, some new research by Distil Networks shows why it is important that I prove that I am a living, breathing, Internet-using human being. Only 41 percent of Web traffic is a live person. The rest is bot traffic.
The “good” news is that the other 59 percent of Web traffic isn’t conducted solely by bad bots meant to do serious damage and create security threats. In fact, the study found, bad bots decreased slightly:
The amount of bad bot traffic we saw across our network as a percentage of overall traffic dropped slightly from 24.22 [percent] in 2013 to 22.78 [percent] in 2014. The bigger move was in Good Bot traffic growing from 20.98 [percent] to 36.32 [percent], which might be due in part to more aggressive indexing by Bing and upstart search engines 2014.
As CSO reported, the bad bots seem to fall into three categories:
The largest one is the unwanted bots that scrape data from websites, especially bots used by business competitors such as those looking for pricing information. Then there are the malicious bots that explore websites looking for vulnerabilities. The smallest category, which accounts for 10 percent of the bad bots, are the ones engaging in click fraud, making brute-force login attempts or trying to post spam. These actively malicious bots can be identified by their use of "post" requests.
Hence, even 22 percent of bad bots are 22 percent too many.
The report points out an emerging bot-related concern: bots disguising themselves as mobile Web users. Actually, the study stated that we need to stop thinking of mobile threats – especially in the case of bots – as emerging. They are here and making a serious impact, as the study pointed out:
The same characteristics that make a mobile optimized site easy to quickly navigate for humans also makes them prime targets for bad bots. Mobile sites tend to be easier to scrape because they provide more structured access to website data.
What this says to me is that bot developers, like humans, are moving from traditional platforms to mobile, and we should expect to see those numbers grow in the coming year. In turn, expect to have to prove your personhood to your phone a lot more often.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba