Bad Bots Becoming More ‘Human’—Barracuda
They Are Also Becoming More and More of a Big Problem
Bad bots are evolving to become more sophisticated and human-like in an effort to boost their success rates in account takeovers and other automated attacks, according to the latest Threat Spotlight from Barracuda, a leading cybersecurity company providing complete protection against complex threats.
Analysing bot-related traffic and activity targeting Barracuda web applications and APIs between September 2023 and August 2024, nearly half (49%) of bots were identified as “advanced bots,” most of which are malicious and designed to mimic human behaviour and handle complex online interactions such as engaging with targets in account takeover attacks. In short, they are bad bots.
The Barracuda report also reveals that the proportion of bad bot traffic is declining, having dropped from 39% in 2021, to 24% in 2024. A deeper analysis shows, however, that the proportion of individual bad bots has risen over the last 12 months from 36% to 44% of detected clients. In other words, there is less traffic on the road, but many more makes of vehicle.
Bad Bots Are Bad News
Bots are automated software programs designed to perform online activities at scale. Good bots include search engine crawler bots, SEO bots, and customer service bots that can help organisations streamline processes, increase efficiency, boost their online presence, and strengthen customer interactions. Bad bots, on the other hand, are designed for malicious or harmful online activities.
Within the report, Barracuda researchers also note the emergence of a category of Artificial Intelligence (AI) bots which could be classified as “grey bots” because they are not overtly malicious, but their approach can be questionable—blurring the boundary of legitimate activity.
Tushar Richabadas, Principal Product Manager at Barracuda, said: “While it is good news that the proportion of bad bots in internet traffic has declined, our deeper analysis shows that the range of bad bots has risen over the last 12 months and many of these are advanced bots.
“Bad bots are bad news for business. They can steal data, commit fraud, exploit vulnerabilities, overload websites with traffic, spread spam, skew business analytics, disrupt services for legitimate customers, and more. We also see an emerging category of ‘grey bots’: AI bots designed to extract or scrape large volumes of data from websites.”
In order to stay protected, Barracuda recommends a multilayered approach to security, including robust application security with proper configuration, specialised bot protection to block advanced attacks, and machine learning and multifactor authentication to detect human-like bots and prevent credential stuffing.
Read the full Threat Spotlight here: https://blog.barracuda.com/2024/11/19/threat-spotlight-bad-bots-evolving-more-human
