Botnet traffic in 2015 - the invisible force that wants to eat the Internet

John E Dunn | Dec. 22, 2015
It sounds counter-intuitive, but a new analysis from Imperva's Incapsula division has confirmed one of the Internet's most surprising secrets: a large proportion of website traffic isn't generated by human beings.

Imperva also notes that their activity is lagging the growth in users. So why does the activity of good bots matter anyway?

Ziefman: Good bots are a big part of the Internet ecosystem. Also, they are behind a good chunk of bandwidth consumption. Specific crawlers, such as Googlebot, provide crucial business functions.

You found that traffic generated by humans crossed the 50 percent mark in 2015 - how did you measure this and what does it signify?

Ziefman: We sampled 19 billion visits to websites on Imperva Incapsula's network. As for the significance of the 50 percent mark, I think it changes the way we think about online traffic. For us, during the past four years, it was clear that most visitors were not human and the number was expected to continue growing. This year's data points to a different trend, one which we need to investigate further. Simply put, if you had asked me a year ago to predict the state of online traffic in 2026, I would have estimated that 80 percent would be bots and 20 percent would be humans. Having a data set that forces me to consider an opposing scenario shows just how complex the traffic landscape really is, and it is affected by trends in cyber space and the real world.

And yet botnets remain a major force, so what, if anything, can be done to counter them? They seem almost irresistible.

Ziefman: The lack of security awareness is the major enabler for the creation of botnets, which are large clusters of compromised, under-protected, connected devices. Furthermore, the promise of profit is a major motivation for people who compromise these devices. For example, in a world where paying a ransom to a botnet operator is completely out of the question, no one would use a botnet for an extortion attack. Botnets are a threat, and dealing with them begins with promoting some general ground rules. In the absence of these rules, anarchy will continue to thrive.

What about botnets used in DDoS attacks? These seem to be the dominant force in botnet activity.

Ziefman: Absolutely. In our research, DDoS bots are categorised as Impostors, which are behind nearly a quarter of all visits. Now, other types of attacks may employ Impostor (browser-like) bots as well. However, DDoS bots are the majority of that traffic.

Can anything be done to stop the growth of DDoS-for-hire botnets? Some firms such as Level 3 advocate dealing with them at service provider level and yet others in that industry are reluctant to get involved.

Ziefman: Yes. I think there is a lot that can be done against them on the service provider level, and I think that Internet Service Providers (ISPs) are in a good position to prevent DDoS attacks in general. However, I also think that there are things that can be achieved on a regulatory level. Many of these attacks are motivated by extortion attempts. A rule or law that prohibits ransom payments to DDoS extortionists, or at least severely limits a company's options and a perpetrator's likelihood of profit, would be extremely helpful. Also, the prosecution of botnet-for-hire operators, which we have seen in recent years, is an important step towards eliminating the motivation behind DDoS-for-hire activities.


