Sun. Feb 23rd, 2020

Bad Bot Report 2019: AWS is the largest source of global bad bot traffic


Malicious bots are constantly evolving and are far more sophisticated than they used to be. How bots are used differs from industry to industry, but they are a common tool for hackers and key to the success of scammers. No company is spared, regardless of size, whether it is a public utility or a private company.

Bots increasingly behave like real users, simulating real human workflows across web applications. Advanced attackers now clearly understand the technology they are trying to defeat and are constantly learning how to improve their tactics.

Image: “3D Bots” by santiago manzi, licensed under CC BY-NC-ND 4.0

Distil Networks analyzed hundreds of billions of malicious bot requests across thousands of domains in 2018 and compiled the “Bad Bot Report 2019: The Bot Arms Race Continues” to examine the automated attacks that hit websites, mobile applications, and APIs every day. The following are seven findings from the report.

No. 1: Malicious bot traffic decreased slightly in 2018

In 2018, malicious bot traffic accounted for 20.4% of all website traffic, a decrease of 6.35% from the previous year. This is the first time since 2015 that malicious bot traffic has fallen compared to the previous year. More good news is that the number of human users has exceeded the number of bots for the first time since 2016. Still, it is surprising that human traffic accounts for only 62% of all Internet traffic. Given that the goal of a site is to attract real users, these numbers indicate that the bot problem is still serious.

No. 2: Malicious bot sophistication has not decreased

Advanced persistent bots (APBs), a category that combines common and complex malicious bots, continue to plague websites and account for 73.6% of all malicious bots. APBs tend to cycle through random IP addresses, come in through anonymous proxies and peer-to-peer networks, and are able to change their user agents. They combine different techniques and methods to evade detection and persist on the target website.

No. 3: The bot problem affects every industry

Some malicious bots affect all industries; others are industry-specific. A website with a login interface encounters two or three bot-driven account takeover attacks each month. Content deletion and price modification are very embarrassing and are also carried out by bots. At the same time, malicious competitors use bots to undercut prices on e-commerce sites, hoard flight seats, and resell concert tickets.

The industries most affected by malicious bot traffic included financial (42.2%), ticketing (39.3%), education (37.9%), IT and services (34.4%), and marketing and advertising (33.3%).

No. 4: Half of malicious bots impersonate Google Chrome

Malicious bots continue to follow browser trends, impersonating Chrome 49.9% of the time. In 2018, 73.6% of malicious bot traffic originated from data centers, down from 82.7% in 2017; the use of data centers fell slightly.
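The traits described in findings No. 2 and No. 4 (cycling IP addresses, changing user agents, a Chrome user agent arriving from a data center) can be turned into per-session detection signals. The following Python is an added example, not code from the report or from Distil Networks; the function names, thresholds, and sample requests are constructed, and the CIDR ranges are RFC 5737 documentation networks standing in for real hosting-provider ranges.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 5737 documentation networks stand in for the CIDR lists
# that hosting providers publish; 192.0.2.0/24 plays the "residential" role.
DATACENTER_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

CHROME = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0 Safari/537.36"
FIREFOX = "Mozilla/5.0 (Windows NT 10.0; rv:65.0) Gecko/20100101 Firefox/65.0"
CURL = "curl/7.64.0"

# Constructed sample requests: (client IP, session id, User-Agent header).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "s1", CHROME),    # one IP, one browser
    ("192.0.2.10", "s1", CHROME),
    ("198.51.100.7", "s2", CHROME),  # "Chrome" coming from a hosting range
    ("192.0.2.20", "s3", FIREFOX),   # same session hops IPs and user agents
    ("192.0.2.21", "s3", FIREFOX),
    ("192.0.2.22", "s3", CURL),
    ("203.0.113.5", "s4", CURL),     # automation that does not pose as a browser
]

def in_datacenter(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DATACENTER_NETS)

def claims_chrome(user_agent):
    # Edge and Opera also carry a "Chrome/" token, so exclude their markers.
    others = ("Edge/", "Edg/", "OPR/")
    return "Chrome/" in user_agent and not any(t in user_agent for t in others)

def score_sessions(requests, max_ips=2, max_uas=1):
    """Return {session id: [signals]} for sessions showing bot-like traits."""
    ips, uas, dc_chrome = defaultdict(set), defaultdict(set), set()
    for ip, sid, ua in requests:
        ips[sid].add(ip)
        uas[sid].add(ua)
        if in_datacenter(ip) and claims_chrome(ua):
            dc_chrome.add(sid)
    findings = {}
    for sid in ips:
        reasons = []
        if sid in dc_chrome:
            reasons.append("chrome_ua_from_datacenter")
        if len(ips[sid]) > max_ips:
            reasons.append("ip_rotation")
        if len(uas[sid]) > max_uas:
            reasons.append("user_agent_change")
        if reasons:
            findings[sid] = reasons
    return findings
```

These are signals to feed into scoring or a challenge step rather than grounds for an outright block, since VPN and corporate egress traffic can also come from hosting ranges.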

No. 5: AWS is the largest source of global bad bot traffic

In 2018, malicious bot traffic originated from 1,935 ISPs. Amazon was the largest source, accounting for 18.0% of malicious bot traffic, up from 10.6% in 2017. This is not surprising: AWS is by far the world’s largest and most-utilized cloud service provider, accounting for approximately 33% of the global market.

Digital Ocean and Comcast Cable rank second and third as sources of malicious bot traffic. The previous year’s largest source, OVH Hosting, fell to fourth place, dropping sharply from 11.6% in 2017 to 3.1% in 2018.

No. 6: Malicious bots are spread all over the world

Because malicious bot traffic originates from data centers, the United States remains the “bad bot superpower”, with more than half of malicious bot traffic coming from the United States. It is followed by the Netherlands (5.7%), China (3.9%), Germany (3.9%) and Canada (3.2%).

No. 7: Russia and Ukraine are the most blocked

Together, the two countries accounted for nearly half (48.2%) of country-specific IP blocking. One-third of companies blocked Russia, the most blocked country for the second consecutive year, and Ukraine was blocked by 15.5% of companies. The rest of the top five most blocked countries were India (15.2%), China (11.2%) and the United States (6.6%).