Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.
Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. These account takeover attacks have skyrocketed lately. Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Dell laptops and computers vulnerable to remote hijacks
May 1, 2019
A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April 23; however, many users are likely ...
- APT trends report Q1 2019
April 30, 2019
For just under two years, the Global Research and Analysis Team (GReAT) at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. ...
- Dispelling Myths Around SGX Malware
April 29, 2019
A group of security researchers from Graz University of Technology recently disclosed detailed methods of deploying attacks from inside Intel’s SGX Security Enclave. The research paper received decent media attention probably due to recently discovered architecture vulnerabilities, such as Meltdown and Spectre. Researchers also released proof of concept (PoC) code for Linux that successfully escapes the securely ...
- I know what you did last summer, MuddyWater blending in the crowd
April 29, 2019
MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced in 2017 and has been active continuously, targeting a large number of organizations. First stage infections ...
- ‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy
April 24, 2019
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage—a custom remote administrative tool that uses ...
- Operation ShadowHammer: a high-profile supply chain attack
April 23, 2019
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, which took place in Singapore on April 9-10, 2019. Now it is time to ...