Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Botnet trafffic in 2015 - the invisible force that wants to eat the Internet

John E Dunn | Dec. 22, 2015
It sounds counter-intuitive but a new analysis from Imperva's Incapsula division has confirmed one of the Internet's most surprising secrets: a large proportion of website traffic isn't generated by human beings.

You note the continued decline in the volume of spam bots, in your figures only 0.1 percent of traffic. What caused this and what does it tells us about the relative decline of the spam model?

Ziefman: The creation of backlinks for Black Hat SEO purposes was one of the major motivations behind spam attacks. The decrease in Spam bots is tied to Google's decision to penalise websites that benefit from these links, and also anyone who hosts spam links. I don't think this means the end of spam and, in our case, 19 million spam attack incidents (0.01 percent of the 19 billion visits in our sample) is still a lot. Having said that, I think that spammers have lost one of their main incentives. I also think that the fear of penalty has led more website owners to take steps towards hardening spam protection in their comment sections.

The Internet has been a phenomenon of the developed world until now but this is changing quite rapidly. How might this change or perhaps even worsen botnet crime?

Ziefman: Bad bots originate from compromised devices and are injected with remotely operated malware. These are found more often in developing countries, which have a higher percentage of first-time computer/device owners, looser security standards and vendors who are generally less security aware. The experience of more frequent Internet usage promotes awareness, which makes a hacker's job more difficult.

You allude to inter-governmental action. Is this realistic? Cyber-extortion seems to almost unstoppable in the absence of internal police enforcement.

Ziefman: I think it has to be. This is the new reality, and we have to be creative, but I`m not sure why we should be accepting of a situation where an organization has the choice to pay off cyber criminals, or where services that enable cyber extortionists are allowed to operate in broad daylight, as is the case with DDoS-for-hire services. I think that a decisive international policy is the right answer and I think it will happen sooner than we think. This week, the world came together and recognised the necessity of ground rules that help preserve our ecosystem. If we can deal with an issue of that scope, laying down some ground rules to deal with cyber criminals shouldn't be that unrealistic.


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.