Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.
Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere. These account takeover attacks have skyrocketed lately. Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mobile-First Phishing Kit Targets Verizon Customers
April 2, 2019
As people increasingly go mobile-first in their work and personal lives, cybercrime is keeping up: The latest is a phishing kit that specifically targets Verizon Wireless customers in the U.S. According to Jeremy Richards, a researcher at Lookout Security, the kit pushes phishing links to users via email, masquerading as messages from Verizon Customer Support. These ...
- Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps
April 1, 2019
Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications (PHAs) on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and users have no control over what comes pre-installed on their ...
- Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk
March 29, 2019
A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it. A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 ...
- The latest dark web cyber-criminal trend: Selling children’s personal data
March 27, 2019
Imagine you’re a teenager, applying for credit to buy your first car or maybe a loan to go to university. You don’t remember taking out a credit card when you were six years old, but the bank is adamant, and now you have a poor credit rating and in their eyes, you’re persona non grata. ...
- Threat Landscape for Industrial Automation Systems in H2 2018
March 27, 2019
All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was received from those KSN users who gave their consent to have data anonymously transferred from their computers. We do not identify the specific companies/organizations sending statistics to KSN, due to the product limitations and regulatory ...
- Malware Payloads Hide in Images: Steganography Gets a Reboot
March 25, 2019
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look. One of the challenges of cybersecurity is that overfocusing on one threat trend means that another one can sneak up on you. This is especially problematic as our networks and the attack ...