A new report released today by cloud cybersecurity firm Barracuda Networks Inc. finds that half of all internet traffic is now bot traffic and that bad bots contribute to 30% of traffic.

The report delves into the changing face of bot traffic and how bad bot traffic is evolving. Originally used by search engines, bots now perform myriad functions, some of which harbor malicious intent.

According to Barracuda, bots today can be classified as good and bad — good being search engine crawlers, respectful of website rules and integral to the orderly functioning of the internet. In contrast, bad bots are built with nefarious goals, ranging from basic scraping to more sophisticated distributed denial-of-service attacks.

With 50% of all traffic now being bots, bad bots contribute to 30% of all traffic, although it’s noted in the report that the 30% figure is down, as bad bots had previously represented 39% in 2021. Based on origin, 72% of the bad bot traffic comes from North America, primarily because of the dominance of public clouds like Amazon Web Services Inc. and Microsoft Corp.’s Azure.

After North America, primarily the U.S., the next four places with the highest number of bad bots were the United Arab Emirates at 12%, Saudi Arabia at 6%, Qatar at 5% and India at 5%. The report notes, however, that traffic source is skewed toward the U.S. because 67% of bad bot traffic comes from public cloud data centers’ IP ranges.

Most of the bad bot traffic was found to come from two large public clouds, with AWS and Azure roughly equal. The report suggests that this could be because it’s easy to set up for free with either provider and then use the account to set up bad bots.

Conversely, bot operators using AWS and Azure are said to make it relatively simple to identify and block these bots. If a user has an application that does not expect traffic from a specific data center IP range, they can be blocked, similar to geo-IP-based blocking.

In one interesting takeaway, the report also found that a third of bad bot traffic is coming from residential IP addresses. That’s believed to be from bot creators trying to hide in residential traffic by using someone else’s IP address through proxies to bypass IP blocks.

The report concludes with the warning that bot threat groups are becoming more sophisticated and are causing serious damage. Bots are resulting in increasing account takeover attacks, including attacks against application programming interfaces.

“When it comes to protecting against bot attacks, organizations can be overwhelmed at times due to the number of solutions required. The good news is that solutions are consolidating into Web Application and API Protection services,” the report advises. “To protect your business, as well as your data, analytics, and inventory, you need to invest in WAAP technology that identifies and stops bad bots.”

Image: DALL-E 3