Halting the march of malicious bots

Reuters

Are bots a force for good, or do they wreak havoc on the environment and businesses? The answer lies somewhere along a continuum.

Firstly, what is a bot? A computer bot – short for robot – is a software application used to automate specific tasks, meaning they can run without certain instructions from humans.

On one side of the spectrum, mass-scale bots such as Google’s search engine can enhance our online experience by helping us find information quickly. This automation is undeniably beneficial. 

However, the digital world is plagued by malicious bots, such as spam or malware, designed solely to exploit vulnerabilities for financial gain. 

• China’s Baidu sues Apple over fake Ernie bot apps
• Logistics companies targeted in latest global cyber fraud
• One in 10 financial transactions in UAE are malicious cyberattacks

“These are 100 percent bad,” says Dan Woods, former FBI agent, CIA officer, and now the global head of bots and risk management at F5, an application security company.

Woods was speaking at Gitex, the global tech show that took place in Dubai on October 16-20.

Regrettably, the prevalence of harmful bots surpasses that of their helpful counterparts.

According to Bad Bot Report – a global study by US-based cybersecurity firm Imperva – almost half of all internet traffic came from bots last year, a 5.1 percent increase over the previous year. Of that automated traffic, almost a third was from malicious bots.

Bad bots can be used to scrape data, launch attacks and even commit fraud, leading to significant costs in terms of both time and money.

Somewhere between these extremes dwells a wide array of bots. Some help users to snag limited-time offers or concert tickets, while others manipulate the system and make life difficult for regular customers.

It is a grey area, in which what is good for a company may not align with customers’ interests.

Understanding the good and the bad

Interestingly, many companies express their discontent publicly but privately appreciate the boost in sales.

A study by US-based conversational automation platform Botco revealed that 83 percent of the respondents said bots increased their lead generation volume – identification of potential customers – by at least five percent.

For certain industries, such as hospitality and aviation, malicious bots can generate false leads and distort critical metrics, making it challenging to determine the effectiveness of their marketing efforts. All these bot-related activities come with associated costs, which can affect a company’s bottom line. 

Distorting social media

Take, for instance, social bots that communicate autonomously on social media.

X – formerly Twitter – claimed that only five percent of its accounts were fake, but this assertion was met with scepticism. 

F5’s Woods created a fake account to investigate and delved into the motives behind bots and fake accounts on the platform. 

He discovered a marketplace in which followers could be purchased for less than $1,000, quickly gaining more than 100,000 followers – most of whom were fake, with randomly generated usernames.

The experiment extended further as he designed a bot to create accounts on the site. It became evident that X’s anti-bot measures were limited. It only triggered a Captcha request – a simple test to ensure the user is human and not automated – when the bot’s activity intensified.

Woods estimated that around 80 percent of all Twitter accounts were potentially fake.

The concern underlying this revelation was the possible misuse of this infrastructure by hackers to manipulate public opinion. This alarming aspect, often overlooked, could have far-reaching consequences. 

X owner Elon Musk even shared a link to an article highlighting these findings, drawing significant attention to the issue. As a result, the site began to take action against fake accounts, but some “sticky accounts” that appear more genuine remain. 

Getting it right

To effectively navigate the digital landscape, it is crucial to distinguish between the two ends of the bot spectrum. 

Collecting client-side signals – those from the end user’s device – involves analysing browser behaviour and device attributes. It is vital for distinguishing between good and bad traffic. 

To tackle the bot problem, organisations must first acknowledge their existence.

Once the extent of malicious bot activity is understood, companies can decide which applications are being targeted and take appropriate action.

Understanding and regulating the bot ecosystem is essential to creating a balance between automation and security in our increasingly digital world.

Divsha Bhat is technology editor at AGBI