Incapsula, Imperva’s subsidiary focused on cloud-based application security, just released its annual Bot Traffic Report for 2013 that analyzed 1.45 Billion visits over a 90 day period; concluding that automated web traffic is on the rise. Traffic from these bots now makes up as much as 61.5% of all website traffic, which is an increase of 21% from last year’s report. This automated traffic includes good bots such as search engines as well as malicious traffic like site scrapers, hacking tools, comment spammers and other homegrown bots.
One potential contributing factor is the continued proliferation web services. New online services are being created at a record pace, bringing with them new bots scouring the internet for information. As these bots crawl the internet, they bring with them bandwidth consumption and service degradation.
Another possible explanation is that botnet creators are developing new tools and infecting bots with increasingly ingenious social engineering tactics. Brian Krebs of Krebs on Security, released a blog post this morning dissecting a new malicious Firefox plugin that infects PCs and automatically probes any websites visited with the infected browser for SQL Injection vulnerabilities and then reports the results back to the botnet’s control center. As of the time of writing, this botnet had already infected more than 12,500 systems, illustrating how easy it is for today’s botnet farmers to assemble powerful networks of infected computers.
With web services being increasingly weaved into the fabric of our online lives, and botnets growing in size and sophistication, it is likely that this trend of automated web traffic will show no signs of abatement in the near future.