Sophisticated bad bots have evolved to take over mobile devices, leading to increased difficulty in identifying and mitigating the threats they pose, according to a Wednesday report from Distil Networks.
Bots—software applications that run scripts over the internet—make up more than half of all internet traffic. All websites with login pages have been hit with bad bot traffic and face account takeover attempts, a past Distil Networks report found. This creates a major blind spot for IT teams, as 79% of security leaders said they can't tell for certain if web traffic comes from humans or bots, according to another recent report.
Mobile bots are launched from both smart devices and laptops in public places, and use cellular networks to hit their targets, according to the Distil Networks report. By connecting through these cellular gateways, the bots can stay hidden, and are unlikely to be found by IP address blocking. The large number of requests, and the fact that mobile gateways don't provide device origin details, make it even easier for bots to stay under the radar, the report noted.
SEE: Mobile device computing policy (Tech Pro Research)
A mobile bot is created when a smartphone is infected with malware. The device can then communicate with and receive instructions from command and control servers to execute an attack.
Distil Networks examined 45 days of data from six major cellular networks, and found up to 200 million bad bot threats per month coming from just one of the leading networks. Some 5.8% of all mobile devices on cellular networks were used in bad bot attacks, the report found, and were responsible for 8% of bad bot traffic. Almost half (44%) of all cellular IP gateways were used in these attacks, according to the report.
Each day saw an average of 15 devices making bad bot requests on every cellular gateway IP address, the report found. The average number of bad bot requests per day was 50, showing how easy it is for these attacks to hide within large amounts of cellular traffic.
Professionals can avoid bad bot infection by only downloading apps from trusted, reputable sources, the report recommended. You should also avoid downloading unknown or suspicious email attachments, and clicking on unknown links that may be sent without explanation in an email or text message. Smartphone antivirus software can also help protect against malware.
While there is no one-size-fits-all bot defense solution for businesses as a whole, organizations can take the following proactive steps to avoid attack, according to the report:
- Block or CAPTCHA outdated user agents/browsers
- Block or CAPTCHA known hosting providers and proxy services
- Protect every bad bot access point
- Carefully evaluate traffic sources
- Investigate traffic spikes
- Monitor for failed login attempts
- Monitor increases in failed validation of gift card numbers
- Pay close attention to public data breaches
- Evaluate a bot mitigation solution
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 44% of mobile ISP gateways are used in bad bot attacks. — Distil Networks, 2018
- 8% of all bad bot traffic comes from mobile devices. — Distil Networks, 2018
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Humans, cover your mouths: Lip reading bots in the wild (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Keep your files and messages private with these encryption apps (Download.com)
- How to tell if your website has been visited by a bot: 5 tips (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.