Incapsula Finds Malicious Bots Account for Approximately 30 Percent of Internet Traffic

Monday, 29 December 2014

Annual Bot Traffic Report Reveals Bots Remain Majority of Visitors to Websites; Small Websites See the Largest Impact from Bot Activity

Incapsula, an Imperva company providing cloud-based website security and performance services, today released its annual Bot Traffic Report, which is based on a statistical study of Web bot traffic on Incapsula-protected websites having a minimum daily traffic count of at least 10 human visitors from August 2, 2014 to October 30, 2014. Bots remain the majority of visitors to websites of all sizes, at 56 percent, and are 80.5 percent of traffic to small websites with less than 1,000 daily visitors. Most alarming is the 10 percent increase in malicious bot activity, which now accounts for almost 30 percent of all traffic on Incapsula-protected websites.

Malicious bots are used to create spam comments on blogs and forums, scrape proprietary or copyrighted content, steal customer data and take over accounts. During the period covered by the report, Incapsula researchers observed the increase of sophisticated, so-called impersonator bots that mimic human behavior. This strain of malicious bot is specifically designed to be difficult to detect in order to bypass website security systems, and accounts for 22 percent of all malicious bot activity.

While “bad bots” are on the rise, there has been a small drop in overall bot traffic. Incapsula researchers attribute this decline to a drop in bots associated with RSS services, which have seen a decline in favor among Internet users. Incapsula believes that, where in the past users relied on automated tools that used bots to proactively scour the Web and news feeds, they now rely on content shared by peers in Twitter feeds and Facebook walls, and bots have followed suit, resulting in a lower volume of news-gathering bot traffic.

Other report findings include:

  • Bot traffic varies by website size: Small sites (1,000 visits/day) see 80.5 percent bots, medium sites (10,000 visits/day) 63.2 percent, large sites (100,000 visits/day) 56.2 percent, and very large sites (1M+ visits/day) 52.3 percent.
  • Comparing the period covered by this report with the previous period, among malicious bots, impersonators have increased by 10 percent, while hacking tools are down to 3.5 percent, and scraping bots are up 3 percent. Spam bots held steady at 0.5 percent.
  • Good bot traffic is down by 4 percent, likely due to the broad decrease in RSS bot activity.

"We have been conducting this study since 2012, and one constant in our findings is that malicious bots are becoming increasingly sophisticated and harder to distinguish from humans. These bots pose a huge threat to websites and are capable of large-scale hack attacks, DDoS floods, spam schemes and click fraud campaigns,” said Marc Gaffan, CEO of Incapsula. “With the vulnerabilities exposed in the past year, notably Shellshock, it is more important than ever that companies operating websites are diligent in securing their sites from malicious traffic."

Incapsula conducted its research over a 90-day period, from August 2, 2014 to October 30, 2014 in which data was collected from a sample of 15 billion visits to 20,000 websites in the Incapsula network.

To learn more about the research, please refer to the Incapsula blog, which includes a bot trends infographic and link to the full report, as well as a tutorial on how to use Incapsula to detect bot traffic.

About Incapsula

Incapsula, an Imperva company, was founded in 2009 by a group of industry veterans with strong backgrounds in web application security, online safety and identity theft. The company’s cloud-based Application Delivery Service makes websites safer, faster, and more reliable. Incapsula offers websites, large or small, enterprise-grade web application security, DDoS mitigation, performance optimization and load balancing. For more information, visit www.incapsula.com, follow us on Twitter @Incapsula_com, or visit our blog.