What are bots, and why can they be a problem?

A lot of cyberattacks are only effective if the attacker can repeat the same action many times. Instead of the attacker repeating this action manually, they often automate the process by using bots.

In this article, you will learn what a bot is, why they are useful, and how it can be misused.

What are bots?

Bots are automated programs that perform tasks repeatedly. Ideally, these tasks are simple, repetitive, and performed much more quickly by bots than humans. Internet bots (which are also referred to as bots, and are the kind of bots that you will learn about in this step) perform these tasks over the internet.

Bots are a crucial part of the internet’s infrastructure and perform lots of useful tasks. For example, bots identify and index new websites for search engines so that they can be included in search results.

Given that an estimated 4 million blog posts are created every day, the task is too big for humans to manage, so a bot that can process the information much faster is needed.

Botnets

If a task is too large for one bot, a botnet might be used instead. A botnet is a network of computers that are all programmed to perform the same, or a similar, repetitive task. The bots on the net(work) can communicate with each other to effectively share the workload.

Malicious bots

However, not all bots are good. Attackers use bots to increase the scale of their attacks and to reduce their overhead costs (such as computing power and storage).

For example, bots can be used in SQL injections. An attacker might not know which websites are vulnerable to which SQL injections, so they would have to try lots of different inputs in lots of different websites.

If they can program a bot to perform the same action, the process will be much faster, allowing the attacker to find more vulnerabilities. Furthermore, if the process is automated, the attacker can do something else while the program is running.

Attackers and botnets

Attackers also use botnets. These are particularly useful to attackers if they want to send repeated requests to a website which rate limits the number of requests it receives from one IP address (i.e. websites that seek to prevent one individual from trying to perform the same operation too many times).

If an attacker controls a botnet, they can send the request from lots of different computers with different IP addresses, which fools the website into thinking that the requests are all coming from different people.

This setup allows the perpetrator to carry out attacks such as DDoS attacks (you will learn about this in the next step).

Malware

Attackers often create botnets by infecting other people’s computers with malware. This means that their victims are also paying for the energy needed to conduct the attack.

When computers are infected with malware and start running more slowly, the computer may be operating as a bot in a botnet, so part of its processing power is being diverted to the task set by the attacker.

Some statistics

It is estimated that just over half of all activity on the internet is conducted by bots, rather than by humans. Furthermore, more bot activity is performed by malicious bots than by regular ones.

This means that an alarmingly high proportion of internet activity is malicious; in fact, about one in every three visitors to a website is a malicious bot. These statistics come from a report by the security company Imperva — you can click here to read more.