U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Security

Website traffic report shows an increase of malicious bots activity

Incapula security firm published a new report on the analysis of website traffic evidencing the increment for malicious activities. Researchers at the Incapsula security firm have published a new study on the nature of website traffic, early 2013 the company revealed that 51% of the overall traffic was generated by non-human entities and 60% of […]

Website traffic report shows an increase of malicious bots activity

Beautiful mountain at nz

Incapula security firm published a new report on the analysis of website traffic evidencing the increment for malicious activities.

Researchers at the Incapsula security firm have published a new study on the nature of website traffic, early 2013 the company revealed that 51% of the overall traffic was generated by non-human entities and 60% of it was related to malicious botnets.

The experts observed 1.45 Billion bot visits on nearly 20,000 sites on Incapsula’s network in around 90 days, the traffic was originated from any of 249 countries in the world.

Respect the data provided in the previous report from 2012 the bot traffic is increased of 21%, fortunately the increase is mainly attributable to the activity of good bots (i.e., certified agents of legitimate software, such as search engines).

Those legitimate entities have increased their volume from 20% to 31% from last year due to the evolution of web based services and increased activity of existing bots.

The overall malicious traffic remains unchanged,  31% of bots still belongs to malicious botnets but it is evident a reduction in Spam Bot activity from from 2% in 2012 to 0.5% in 2013, the experts believe that Google was able to discourage link spamming practices, causing a 75% decrease in automated link spamming activity.The data that most of all has attracted my attention is the 8% increase in the activity related to unclassified bots with hostile intentions and defined in the report as “Other Impersonators”.

The phenomenon is related to malicious bots that pretend to assume a spoofed identity, for example trying to appear as search engine bots or legitimate service bots, to compromise targeted websites, for example recently security experts at Securi firm have detected a series of SQL Injection attacks conducted abusing of the Google Bot activity.

Bots belonging to this category are specifically designed bots, not attributable to common malware, used to sophisticated hacking campaigns.

“These can be automated spy bots, human-like DDoS agents or a Trojan-activated barebones browser. One way or another, these are also the tools of top-tier hackers who are proficient enough to create their own malware. The 8% increase in the number of such bots highlights the increased activity of such hackers, as well as the rise in targeted cyber-attacks.”

A good example of such traffic is recent volume  originated for volumetric Layer 3-4 DDoS attacks.

Below a very useful Infograph that resume the results of the study.

Pierluigi Paganini

(Security Affairs –  Incapsula, website traffic report)