Every day the world sends billions of emails and instant messages, posts hundreds of millions of social media updates and shares vast numbers of photos with friends and family. Then there’s online shopping, banking, remote working, video conferencing and more, all passing through the internet, connecting us wherever we are.
But even as internet usage grows, it makes up just a fraction of total online traffic. In fact, one recent report suggests that these human-led activities account for just 27% of internet use. So where does the other 73% come from?
Malicious bots.
Bad bots break passwords
Security researchers estimate that nearly three quarters of online traffic is caused by cybercriminals and scammers. They have been using smart systems (‘bots’) to automate many of the common tasks involved in hacking and online theft.
Take credential stuffing, a popular technique for breaking into an online account:
- The hacker acquires a list of stolen usernames and passwords.
- They choose a target website, like Amazon, and begin testing the stolen credentials to see if they can access an account.
- Take control of the account and use to place fraudulent orders or steal personal information.
- Repeat the process for the next credential pair.
For a human, this process can take a few minutes for each username / password combination. And for a target list that contains hundreds or thousands of credentials, testing them all could take weeks.
Now imagine you could automate this process. Using bots, the hacker can do the credential checking process automatically, which is much quicker than having to do it themselves. Bots can even attack several websites simultaneously, allowing the hacker to increase their chances of success.
For cybercriminals, line any legitimate business, time is money. So they invest in attacks that yield the biggest results soonest. With bots they have found a way to maximize their reach quickly and cheaply.
More than simply stealing passwords
If there is a way to make money online, criminals have probably already found a way to automate it with bots. Bots can be used to take web services offline with a distributed denial of service (DDoS) attack for instance.
Other bots may ‘scrape’ personal information from public websites and feed it into a machine learning algorithm to improve future hacking attempts. They can also create fake website accounts, defraud advertisers, create and send spam (including SMS messages) and more.
Good technology used for bad
Bots are an incredibly useful technology. Think of the chatbots used by many websites to help you locate the product or service you need, using AI-driven questions and responses to give you information.
Unfortunately, bots have become a very valuable tool for criminals – and the amount of malicious bot activity grows every year. Expect to see another significant rise in attacks next year.
In the meantime, make sure your personal information is secured against bot attacks with Panda Dome Passwords (to strengthen and secure your login credentials) and Panda Dome Premium (to prevent your device becoming a bot).