Nearly half the visitors on the web is generated by automated entities referred to as bots, and a big portion of them pose threats to customers and companies on the net.
“[B]ots can help in creating phishing scams by gaining user’s trust and exploiting it for scammers. These scams can have serious implications for the victim, some of which include financial loss, identity theft, and the spread of malware,” Christoph C. Cemper, founding father of AIPRM, an AI immediate engineering and administration firm, in Wilmington, Del., mentioned in a press release supplied to TechNewsWorld.
“Unfortunately, this is not the only security threat posed by bots,” he continued. “They can also damage brand reputations, especially for brands and businesses with popular social media profiles and high engagement rates. By associating a brand with fraudulent and unethical practices, bots can tarnish a brand’s reputation and reduce consumer loyalty.”
According to the Imperva 2024 Bad Bot Report, dangerous bot visitors ranges have risen for the fifth consecutive 12 months, indicating an alarming development. It famous the rise is partly pushed by the rising reputation of synthetic intelligence (AI) and enormous studying fashions (LLMs).
In 2023, dangerous bots accounted for 32% of all web visitors — a 1.8% improve from 2022, the report defined. The portion of excellent bot visitors additionally elevated, albeit barely much less considerably, from 17.3% of all web visitors in 2022 to 17.6% in 2023. Combined, 49.6% of all web visitors in 2023 wasn’t human, as human visitors ranges decreased to 50.4% of all visitors.
“Good bots help index the web for search engines, automate cybersecurity monitoring, and assist customer service through chatbots,” defined James McQuiggan, a safety consciousness advocate at KnowBe4, a safety consciousness coaching supplier in Clearwater, Fla.
“They assist with detecting vulnerabilities, improving IT workflows, and streamlining procedures online,” he informed TechNewsWorld. “The trick is knowing what’s valuable automation and what’s nefarious activity.”
Ticket Scalping at Scale
Automation and success are driving the expansion traits for botnet visitors, defined Thomas Richards, community and crimson crew apply director at Black Duck Software, an purposes safety firm in Burlington, Mass.
“Being able to scale up allows malicious actors to achieve their goals,” he informed TechNewsWorld. “AI is having an impact by allowing these malicious actors to act more human and automate coding and other tasks. Google, for example, has revealed that Gemini has been used to create malicious things.”
“We see this in other everyday experiences as well,” he continued, “like the struggle in recent years to get concert tickets to popular events. Scalpers find ways to create users or use compromised accounts to buy tickets faster than a human ever could. They make money by reselling the tickets at a much higher price.”
It’s simple and worthwhile to deploy automated assaults, added Stephen Kowski, discipline CTO at SlashNext, a pc and community safety firm in Pleasanton, Calif.
“Criminals are using sophisticated tools to bypass traditional security measures,” he informed TechNewsWorld. “AI-powered systems make bots more convincing and harder to detect, enabling them to mimic human behavior better and adapt to defensive measures.”
“The combination of readily available AI tools and the increasing value of stolen data creates perfect conditions for even more advanced bot attacks in the future,” he mentioned.
Why Bad Bots Are a Serious Threat
David Brauchler, technical director and head of AI and ML safety on the NCC Group, a worldwide cybersecurity consultancy, expects non-human web visitors to proceed to develop.
“As more devices become internet-connected, SaaS platforms add interconnected functionality, and new vulnerable devices enter the scene, bot-related traffic has had the opportunity to continue increasing its share of network bandwidth,” he informed TechNewsWorld.
Brauchler added that dangerous bots are able to inflicting nice hurt. “Bots have been used to trigger mass outages by overwhelming network resources to deny access to systems and services,” he mentioned.
“With the advent of generative AI, bots can also be used to impersonate realistic user activity on online platforms, increasing spam risk and fraud,” he defined. “They can also scan for and exploit security vulnerabilities in computer systems.”
He contended that the most important threat from AI is the proliferation of spam. “There’s no strong technical solution to identifying and blocking this type of content online,” he defined. “Users have taken to calling this phenomenon AI slop, and it risks drowning out the signal of legitimate online interactions in the noise of artificial content.”
He cautioned, nonetheless, that the business must be very cautious when it considers the perfect answer to this downside. “Many potential remedies can create more harm, especially those that risk attacking online privacy,” he mentioned.
How to Identify Malicious Bots
Brauchler acknowledged that it may be troublesome for people to detect a malicious bot. “The overwhelming majority of bots don’t operate in any fashion that humans can detect,” he mentioned. “They contact internet-exposed systems directly, querying for data or interacting with services.”
“The category of bot that most humans are concerned with are autonomous AI agents that can masquerade as humans in an attempt to defraud people online,” he continued. “Many AI chatbots use predictable speech patterns that users can learn to recognize by interacting with AI text generators online.”
“Similarly, AI-generated imagery has a number of ‘tells’ that users can learn to look for, including broken patterns, such as hands and clocks being misaligned, edges of objects melting into other objects, and muddled backgrounds,” he mentioned.
“AI voices also have unusual inflections and expressions of tone that users can learn to pick up on,” he added.
Malicious bots are sometimes used on social media platforms to achieve trusted entry to people or teams. “Watch for telltale signs like unusual patterns in friend requests, generic or stolen profile pictures, and accounts that post at inhuman speeds or frequencies,” Kowski cautioned.
He additionally suggested to be cautious of profiles with restricted private info, suspicious engagement patterns, or pushing particular agendas by automated responses.
In the enterprise, he continued, real-time behavioral evaluation can spot automated actions that don’t match pure human patterns, corresponding to impossibly quick clicks or kind fills.
Threat to Businesses
Malicious bots could be a vital risk to enterprises, famous Ken Dunham, director of the risk analysis unit at Qualys, a supplier of cloud-based IT, safety, and compliance options in Foster City, Calif.
“Once amassed by a threat actor, they can be weaponized,” he informed TechNewsWorld. “Bots have incredible resources and capabilities to perform anonymous, distributed, asynchronous attacks against targets of choice, such as brute force credential attacks, distributed denial of service attacks, vulnerability scans, attempted exploitation, and more.”
Malicious bots may also goal login portals, API endpoints, and public-facing methods, which creates dangers for organizations because the dangerous actors probe for weaknesses to discover a method to achieve entry to the interior infrastructure and knowledge, added McQuiggan.
“Without bot mitigation strategies, companies can be vulnerable to automated threats,” he mentioned.
To mitigate threats from dangerous bots, he beneficial deploying multi-factor authentication, technological bot detection options, and monitoring visitors for anomalies.
He additionally beneficial blocking outdated consumer brokers, using Captchas, and limiting interactions, the place attainable, to cut back success charges.
“Through security awareness education and human risk management, an employee’s knowledge of bot-driven phishing and fraud attempts can ensure a healthy security culture and reduce the risk of a successful bot attack,” he suggested.