Bots have dominated internet traffic in 2016, and most of them are bad

New Update

Bots are back at dominating internet traffic, according to web security and CDN provider Incapsula. Its 2016 bot traffic report, which surveyed 100,000 domains under its network revealed that 51.8 percent of all internet traffic came from automated sources, which saw a rise from previous year’s figures.


For the past year, only 48.2 percent of all internet traffic was generated by humans. The rest were made by bots – automated scripts that crawl through websites to accomplish a variety of tasks. And these bots are either good or bad.

Good bots are those from legitimate organizations that gather information about websites and services. Search services like Google and Bing and feed fetchers from social sites like Facebook are among that make up these good bots. Good bots account for 22.9 percent for all traffic. In contrast, bad bots are those that come from malicious sources and represent 28.9 percent of all traffic.

But what exactly do bad bots do, and why do they matter today?


Bad bots and cyberattacks

Bad bots are used to launch a variety of cyberattacks. These bots include impersonator bots, spammers, content scrapers, and hack tools. Most of these attacks are probes that scan for vulnerabilities on sites and services. Incapsula also reports that 94.2 percent of websites get hit by these bot attacks.

Impersonator bots account for bulk of bad bot traffic. These bots spoof human-generated traffic in an attempt to bypass common security measures and are also responsible for most distributed denial of service (DDoS) attacks.


DDoS attacks have frequently been in the news over the past year. These attacks use bots to overwhelm a target network by sending a huge volume of requests or use up the target network’s bandwidth to render them inaccessible to users.

For many of us, DDoS attacks bring quite the inconvenience of suddenly not being able to access our favorite sites. Some of us may remember last October when a massive DDoS attack on domain name server (DNS) provider Dyn took down services like Twitter, Spotify, Reddit, and the New York Times.

No website is too small


While DDoS attacks may often mean a few frustrated hours for users, they cost businesses real money. Incapsula estimates the cost of a DDoS attack on an e-commerce website can run at an average of $40,000 an hour. For larger sites, the impact could be more. But it’s not just the big companies that have to worry about such attacks.

The study also revealed that smaller sites are experience more bot visits than high-traffic websites. More than 90 percent of the traffic of websites that only have 0-10 human visits a day come from bots, and the visits are split almost evenly between good and bad bots. The number shifts as more humans visit the sites. Combined bot traffic for Alexa MVPs (100,000+ human visits daily) account for 32.7 percent of their total traffic.

This affirms the idea that no website is too small not to worry about cyberattacks, and that not putting security in the agenda simply leaves small businesses and entities at greater risk.


For website owners, this means that subscribing to web application firewalls, bot mitigation services, and anti-malware solutions are now a must to ensure website and web application uptime. Meanwhile, web publishers should also improve HTTP security by optimizing their implementation of SSL/TLS, in order to enhance the trust factor with users.

There is, after all, a big world of unknowns out there – Incapsula recently detected a new botnet carrying out new attacks, but it is unsure if this botnet also uses IoT devices, for instance.

Easing the risks


Compromised networks and devices can even compound the problem. The volume carried out by DDoS bots hit record numbers last year, as the attack on Dyn showed.

Mirai – the malware responsible for the attack – compromised thousands of Internet-of-Things (IoT) devices such as IP cameras and home routers to turn them into bad bots. The botnet is able to deliver massive volumes of traffic that overloaded Dyn’s network.

Securing all devices by overriding default administrator accounts is a must for all IoT and smart devices. Unfortunately, the sudden boom of cheap devices in the market may have also increased the risk for attacks, since many of them lack security interfaces due to low processing power and computing resources.

Bot attacks are just expected to get much worse in the future.

cybersecurity security bots