Automated entities known as bots create about half of the internet’s traffic, and many of them are dangerous to online businesses and customers.
By winning users’ trust and taking advantage of it, bots can aid in the creation of phishing scams. In a comment given to TechNewsWorld, Christoph C. Cemper, founder of AIPRM, an AI prompt engineering and management business based in Wilmington, Delaware, stated that these frauds can have major repercussions for the victim, including identity theft, financial loss, and the propagation of malware.
“Unfortunately, bots pose other security threats as well,” he added. Additionally, they can harm a brand’s reputation, particularly for companies and brands with well-known social media accounts and strong interaction rates. Bots can damage a brand’s reputation and decrease customer loyalty by linking it to dishonest and immoral activities.
The Imperva 2024 Bad Bot Report states that there has been an alarming increase in bad bot traffic for the fifth year in a row. It stated that the rise is partially due to the growing acceptance of large learning models (LLMs) and artificial intelligence (AI).
According to the research, malicious bots accounted for 32% of all internet traffic in 2023, up 1.8% from 2022. From 17.3% of all internet traffic in 2022 to 17.6% in 2023, the percentage of good bot traffic also rose, albeit not as much. In 2023, human traffic dropped to 50.4% of all traffic, meaning that 49.6% of all traffic was non-human.
James McQuiggan, a security awareness advocate at KnowBe4, a security awareness training company in Clearwater, Florida, noted that “good bots help index the web for search engines, automate cybersecurity monitoring, and assist customer service through chatbots.”
He told TechNewsWorld, “They help with identifying vulnerabilities, enhancing IT workflows, and simplifying processes online.” “The challenge lies in distinguishing between beneficial automation and malicious activity.”
According to Thomas Richards, network and red team practice director at Black Duck Software, an applications security firm based in Burlington, Massachusetts, automation and success are the main factors driving the growth patterns for botnet traffic.
“Malicious actors can accomplish their objectives by scaling up,” he told TechNewsWorld. “AI is having an effect by enabling these malevolent actors to automate processes like coding and act more human. For instance, Google has disclosed that harmful content has been produced using Gemini.
“This is also evident in other commonplace situations,” he added, “such as the difficulty in obtaining concert tickets for well-known events in recent years. In order to purchase tickets more quickly than a human could, scalpers figure out how to create users or utilize compromised accounts. By reselling the tickets at a significantly higher price, they generate revenue.
Stephen Kowski, field CTO at SlashNext, a Pleasanton, California-based computer and network security firm, emphasized that implementing automated attacks is simple and lucrative.
He told TechNewsWorld, “Criminals are evading traditional security measures by using sophisticated tools.” “Bots can better imitate human behavior and adjust to defensive measures thanks to AI-powered systems, which also make them more convincing and difficult to detect.”
“The growing value of stolen data combined with easily accessible AI tools creates ideal conditions for even more sophisticated bot attacks in the future,” he stated.
Why Malicious Bots Pose a Dangerous Risk
Non-human internet traffic is expected to keep increasing, according to David Brauchler, technical director and head of AI and ML security at the NCC Group, a worldwide cybersecurity firm.
“Bot-related traffic has had the opportunity to continue increasing its share of network bandwidth as more devices become internet-connected, SaaS platforms add interconnected functionality, and new vulnerable devices enter the scene,” he told TechNewsWorld.
Bad bots may do a lot of damage, Brauchler continued. “By overloading network resources to prevent access to systems and services, bots have been used to cause mass outages,” he stated.
He clarified, “Bots can also be used to impersonate realistic user activity on online platforms with the advent of generative AI, increasing spam risk and fraud.” “They are also capable of identifying and taking advantage of security flaws in computer systems.”
He argued that the spread of spam is the largest threat posed by AI. He said, “There isn’t a robust technical solution to detect and block this kind of content online.” This phenomena has been dubbed “AI slop” by users, and it runs the risk of overpowering genuine online relationships with fake content.
However, he warned that the sector should exercise extreme caution while determining the best way to address this issue. “Many potential remedies, especially those that risk attacking online privacy, can cause more harm,” he stated.
How to Spot Dangerous Bots
It can be challenging for humans to identify a malevolent bot, Brauchler admitted. According to him, “the vast majority of bots don’t function in any way that humans can detect.” “They make direct contact with systems exposed to the internet, requesting information or engaging with services.”
He went on to say, “Autonomous AI agents that can pose as humans in an effort to defraud people online are the category of bot that most humans are concerned with.” “By engaging with AI text generators online, users can learn to recognize the predictable speech patterns used by many AI chatbots.”
“Similarly, users can learn to look for a number of ‘tells’ in AI-generated imagery, such as muddled backgrounds, edges of objects melting into one another, and broken patterns like hands and clocks being misaligned,” he said.
“Users can learn to recognize the unique inflections and tone expressions of AI voices,” he continued.
On social media sites, malicious bots are frequently employed to obtain reliable access to people or groups. Kowski advised, “Be on the lookout for warning indicators such as odd friend request patterns, generic or stolen profile pictures, and accounts that post at inhuman speeds or frequencies.”
Additionally, he cautioned against profiles that advocate particular agendas through automated responses, have little personal information, or exhibit questionable participation patterns.
He went on to say that real-time behavioral analysis in the workplace can identify automated actions, such incredibly quick clicks or form fills, that don’t correspond with typical human patterns.
Danger to Companies
According to Ken Dunham, director of the threat research team at Qualys, a Foster City, California-based company that offers cloud-based IT, security, and compliance solutions, malicious bots can pose a serious risk to businesses.
“They can be weaponized once gathered by a threat actor,” he told TechNewsWorld. “Bots possess amazing resources and capabilities to carry out anonymous, distributed, asynchronous attacks against preferred targets, including vulnerability scans, attempted exploitation, distributed denial of service attacks, brute force credential attacks, and more.”
According to McQuiggan, malicious bots can also target public-facing systems, API endpoints, and login portals. This puts organizations at danger as the bad actors look for vulnerabilities to discover a method to access the internal infrastructure and data.
“Businesses may be exposed to automated threats if they do not have bot mitigation strategies in place,” he stated.
He suggested using multi-factor authentication, technological bot detection tools, and traffic monitoring for irregularities as ways to lessen the risks posed by malicious bots.
In order to lower success rates, he also suggested using Captchas, restricting outdated user agents, and, if at all feasible, limiting interactions.
“An employee’s awareness of bot-driven phishing and fraud attempts can ensure a healthy security culture and reduce the risk of a successful bot attack through security awareness education and human risk management,” he suggested.
