Bots are automated software programs designed to carry out various tasks, including both helpful and malicious activities.
Bots are software applications or scripts that perform automated tasks over the Internet, often mimicking human behavior. Automations such as search engine crawlers and chatbots have become an integral part of our online experience, revolutionizing the way people and organizations interact with technology. Understanding both the positive and nefarious role of bots on websites, applications, and systems is key to building a better—and safer—digital world.
Bot is short for robot, a software program or script that performs automated, repetitive, pre-defined tasks. Bots are omnipresent on the web; it is estimated that up to 50% of Internet traffic is from non-human visitors. Bots are designed to imitate, augment, or replace human user behavior on the web; however, bots operate much faster than humans and can be scaled into botnet armies that are relentless in pursuit of their assigned task. Depending on how they are designed, they can be helpful, like shopbots or monitoring bots, or they can be malicious, misleading users, stealing data, generating denial of service attacks, compromising customer accounts, and helping criminals commit fraud and identity theft.
Businesses and organizations face the challenge of blocking malicious bots without impacting the good bots that help facilitate online commerce, and of doing so without strict bot management controls like CAPTCHA or multi-factor authentication (MFA) that create friction for legitimate users.
Bots perform many helpful or useful tasks on the web. Search engines employ web crawlers or spiders to scour and index billions of web pages and make the results available to search engines. Tracking and monitoring bots also comb through the web, but are designed to search out and flag specific types of content, perhaps related to pricing or news, or copyright infringement. Personal assistants like Alexa or Siri are also bots, deployed across the web to search for answers to queries or other requests. Social media bots perform automated tasks on social media platforms, and can engage with users, like posts, follow accounts, and even generate content.
Another excellent example of friendly bots is the chatbot, which automates customer service on websites. These bots can be programmed with artificial intelligence and natural language processing to provide information or answer questions via online chat conversations or text-to-speech interactions, with the ability to analyze requests and provide responses at an almost human level.
The ability of bots to automate repetitive tasks can also be employed with malicious intent. Cybercriminals program malicious bots to launch a wide range of creative, complex, and stealthy attacks that seek to exploit attack surfaces across web properties and applications. One of the most common attacks is credential stuffing, which commonly leads to account takeover and fraud. These automated attacks replay stolen usernames and passwords against web login forms to gain access to and take control of online accounts. Similarly, criminals can use bots to automate the account creation process and establish false accounts that are used for fraudulent purposes, or program bots to apply for credit cards or loans to defraud financial institutions. Gift card cracking and loyalty point fraud are types of abuse in which bots identify accounts that hold value, and then redeem or otherwise monetize the value before the legitimate customer can use it.
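The credential-stuffing pattern described above has a recognizable footprint in login logs: one source producing a burst of failed logins spread across many different usernames. The following detection heuristic is an added example, not code from the original page or from any bot-management product; the log format, thresholds and window size are assumptions chosen for illustration.

```python
# Added example: flag credential-stuffing patterns in web login logs.
# A stuffing run replays stolen username/password pairs, so one source produces a
# burst of failures across many *different* usernames. Thresholds, window size and
# the log format are assumptions, not any product's defaults.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 alice FAIL
2024-05-01T10:00:02 203.0.113.5 bob FAIL
2024-05-01T10:00:02 203.0.113.5 carol FAIL
2024-05-01T10:00:03 203.0.113.5 dave FAIL
2024-05-01T10:00:04 203.0.113.5 erin FAIL
2024-05-01T10:00:05 203.0.113.5 frank OK
2024-05-01T10:00:30 198.51.100.7 alice FAIL
2024-05-01T10:00:45 198.51.100.7 alice FAIL
2024-05-01T10:01:10 198.51.100.7 alice OK
"""

def parse_events(text):
    """Parse log lines into (timestamp, ip, username, success) tuples, oldest first."""
    events = []
    for line in filter(None, text.splitlines()):
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events, key=lambda e: e[0])

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, attempts, failures)} for sources that, within any
    sliding window, hit many distinct usernames with a high failure ratio."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    suspicious = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Advance the window start so every attempt in the span lies within `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            failures = sum(1 for _, _, ok in span if not ok)
            if len(users) >= min_users and failures / len(span) >= min_fail_ratio:
                suspicious[ip] = (len(users), len(span), failures)
    return suspicious

if __name__ == "__main__":
    for ip, (users, total, fails) in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {users} usernames, {fails}/{total} failed logins in window")
```

A single user retrying their own password (198.51.100.7 in the sample) is not flagged, because the distinct-username count is what separates stuffing from ordinary typos; in production the thresholds would be tuned against the site's real failure baseline.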
Reseller bots, sometimes referred to as scalper bots, are programmed to buy up mass amounts of goods or services, which are usually resold on secondary markets at a significant mark-up. These bots allow criminals to control inventory or prices, leading to artificial scarcity, denial of inventory, and consumer frustration.
Content scraping involves the use of automated bots to analyze and collect large amounts of content from a target website in order to reuse or sell that data elsewhere. This can lead to price manipulation and the theft of copyrighted content; high levels of content scraping activity can also impact site performance and prevent legitimate users from accessing a site.
Degrading site performance is the intended goal of distributed denial of service (DDoS) attacks, when criminals direct large numbers of bots from multiple connected devices to overwhelm websites, servers, or networks, resulting in a denial of service to normal, legitimate traffic, impacting an entire online user base. DDoS attacks can be extremely destructive, leading to loss of revenue, extortion, and long-term reputation damage.