Pierluigi Paganini December 16, 2013

Incapula security firm published a new report on the analysis of website traffic evidencing the increment for malicious activities.

Researchers at the Incapsula security firm have published a new study on the nature of website traffic, early 2013 the company revealed that 51% of the overall traffic was generated by non-human entities and 60% of it was related to malicious botnets.

The experts observed 1.45 Billion bot visits on nearly 20,000 sites on Incapsula’s network in around 90 days, the traffic was originated from any of 249 countries in the world.

Respect the data provided in the previous report from 2012 the bot traffic is increased of 21%, fortunately the increase is mainly attributable to the activity of good bots (i.e., certified agents of legitimate software, such as search engines).

Those legitimate entities have increased their volume from 20% to 31% from last year due to the evolution of web based services and increased activity of existing bots.

The overall malicious traffic remains unchanged,  31% of bots still belongs to malicious botnets but it is evident a reduction in Spam Bot activity from from 2% in 2012 to 0.5% in 2013, the experts believe that Google was able to discourage link spamming practices, causing a 75% decrease in automated link spamming activity.The data that most of all has attracted my attention is the 8% increase in the activity related to unclassified bots with hostile intentions and defined in the report as “Other Impersonators”.

The phenomenon is related to malicious bots that pretend to assume a spoofed identity, for example trying to appear as search engine bots or legitimate service bots, to compromise targeted websites, for example recently security experts at Securi firm have detected a series of SQL Injection attacks conducted abusing of the Google Bot activity.

Bots belonging to this category are specifically designed bots, not attributable to common malware, used to sophisticated hacking campaigns.

“These can be automated spy bots, human-like DDoS agents or a Trojan-activated barebones browser. One way or another, these are also the tools of top-tier hackers who are proficient enough to create their own malware. The 8% increase in the number of such bots highlights the increased activity of such hackers, as well as the rise in targeted cyber-attacks.”

A good example of such traffic is recent volume  originated for volumetric Layer 3-4 DDoS attacks.

Below a very useful Infograph that resume the results of the study.

Pierluigi Paganini

(Security Affairs –  Incapsula, website traffic report)