
The Rise of the Bad Bot: Part One looked at what bad robots are and how the vast networks of these malicious programs can lead to account takeover and enable other fraud events such as ‘scalping’. Part one also explored how robots evolve as consumer behavior changes, exploiting these changes for bad bot deeds.

This second part of what makes bad bots tick, based on the “Bad Bot Report 2021: The Pandemic of the Internet”, explores how bad robots are taking over the internet and the industries most affected. To counterbalance the scourge of the bad robot, organizations can use best practice measures; these measures are outlined below.

Industry: the bad bot hits where it hurts

Cybercriminals always look for the most lucrative target. If that industry sector is also easy to attack, this pushes that sector up the list of most attractive targets. Bad bots are often deployed by rogue competitors or illegitimate entities to wreck an industry player’s standing or exploit promotions. They are also used for other nefarious reasons. The activities behind bad robot exploits cover a range of events including:

Data scraping

Extraction of data such as pricing from a site, without the owner’s permission. This form of a bad robot is typically deployed by competitors and can lead to booking engine abuse.

Denial of inventory

Bots can be used to fill shopping carts and prevent legitimate customers from making purchases.

Account takeover

Use of bad robots for credential stuffing attacks to break into accounts and take them over for fraud purposes.

Card fraud

New functionality, such as gift cards, is also a gift to bad bots that take advantage of these features to commit fraud. Bots are also used to ‘test’ cards to identify missing data such as the CVV number.

Denial of service (DDoS)

Bots can be used to slow website performance and impact customer experience.

Account creation

Accounts can be created by bots and then used to spam or to generate propaganda. These accounts can also be used to exploit free promotions, etc.

A bad bot coming to an industry near you

The function of a bad robot is tailored to a specific industry, reflecting how that sector operates. The Bad Bot Report 2021 found that the most affected industry in 2020 was telecoms and ISPs, where almost half of the bots hitting the sector were bad. However, no industry is safe from the cult of the bad robot. How the bad bot impacts a sector can provide insight that helps to define the measures used to protect against it. Five examples of how and why certain industries are targeted include:

Telecoms and ISPs

Over 45% of bot activity in this sector was bad. Account takeover was the main reason for bad robot attacks. However, data scraping by competitors was also a concern.


Healthcare

Healthcare organizations dealt with around 27% of bad robot activity in 2020. Bad robot activity in the healthcare sector saw a rapid increase in 2020, partly due to the Covid-19 pandemic opening exploitation opportunities: bots were used to spread fake news and to grab vaccine appointments ahead of the queue. Account takeover via a bad bot attack is also a concern in the healthcare industry.


Education

Over 25% of traffic to education-related websites was bad robots. The increase in online learning during the pandemic was behind a large amount of bad robot activity in the education sector. This activity included the scraping of research papers and account takeover.


Retail

Almost 23% of web traffic on retail sites was bad robots. A wide range of fraud events took place via these bad bots, including account takeover, data scraping, and credit and gift card fraud.


Government

Around 20% of bot activity was bad in the government service sector. Amongst the reasons for robot activity was election fraud.


Know your bad bot

The Bad Bot Report 2021 makes some important suggestions for protecting your website against an attack by bad robots:

Plan for bad bots

The fraudsters behind bad robots look for exploitable conditions. This includes events such as marketing campaigns that launch limited-quantity, high-demand products. Be prepared to handle the increased traffic and to detect signs of a bad robot attempting to place a product in shopping carts and prevent legitimate purchases.

Added functions attract bad bots

New functionality, such as requiring login credentials, or offering a gift card, attracts bad robot activity. If you add new features, ensure that effective security measures, such as second-factor authentication, are used.

Block bad bots

Various measures can be used to attempt to block bad robot activity. This includes preventing the use of outdated browsers or user agents and blocking certain known hosting services.

Protect APIs

Block access points to APIs on both websites and mobile devices.

Check traffic sources

Keep a careful watch on web traffic to ensure it is legitimate: high bounce rates and conversion rates can be indicators of bad bot activity. Traffic spikes may also be a signal of bad bots on the rise.

Failures could signal bad bots

Multiple failed login attempts can be a sign of credential stuffing attacks. Repeated failed validation of gift cards can also be a sign that a bad bot is on the loose.
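As an added illustration of the failure signals above (example code, not taken from the report), the following sketch flags a source IP when its failed logins or failed gift card validations within a short window span many different accounts or card numbers. The endpoint paths, thresholds and log format are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical endpoints and thresholds (assumptions); tune to your own baseline.
WATCHED = {"/login": "credential stuffing", "/giftcard/validate": "gift card testing"}
WINDOW = timedelta(seconds=60)
MIN_FAILURES = 5          # failed requests from one IP inside the window
MIN_DISTINCT = 4          # distinct accounts / card numbers among those failures
FAIL_STATUSES = {401, 403, 422}

def detect(lines):
    """Return {(ip, label)} for sources whose failures look automated."""
    recent = defaultdict(deque)   # (ip, path) -> deque of (timestamp, subject)
    flagged = set()
    for line in lines:            # lines must be in time order
        ts, ip, path, status, subject = line.split()
        if path not in WATCHED or int(status) not in FAIL_STATUSES:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[(ip, path)]
        q.append((now, subject))
        while now - q[0][0] > WINDOW:      # drop failures older than the window
            q.popleft()
        # One person mistyping a password fails often but against ONE account;
        # automation fails against many, so both conditions must hold.
        if len(q) >= MIN_FAILURES and len({s for _, s in q}) >= MIN_DISTINCT:
            flagged.add((ip, WATCHED[path]))
    return flagged

def sample_log():
    """Constructed events (not real traffic): time ip path status subject."""
    t0 = datetime(2021, 6, 1, 10, 0, 0)
    def ev(sec, ip, path, status, subj):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} {ip} {path} {status} {subj}"
    log = [ev(2 * i, "203.0.113.7", "/login", 401, f"user{i}") for i in range(6)]
    log += [ev(5 * i, "198.51.100.20", "/login", 401, "carol") for i in range(5)]
    log += [ev(120 * i, "198.51.100.99", "/login", 401, f"acct{i}") for i in range(5)]
    log += [ev(4 * i, "192.0.2.44", "/giftcard/validate", 422, f"card{i}") for i in range(5)]
    log.append(ev(30, "198.51.100.20", "/login", 200, "carol"))   # eventual success
    return sorted(log)            # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, label in sorted(detect(sample_log())):
        print(f"{ip}: possible {label}")
```

The slow source in the sample (one failure every two minutes) is deliberately not flagged, which shows the limit of a per-IP, fixed-window rule and why it should be combined with the other traffic checks listed here.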

Punishing the bad bots using good security

Defending a site from a bad bot attack is becoming more complicated as the bad robot becomes ever more sophisticated. The Bad Bot Report 2020 suggests using a WAF (Web Application Firewall) and CDN (Content Delivery Network) solution that is designed to have bad robot protection as an intrinsic feature. However, robots, both good and bad, evolve as the technological landscape changes. A skilled and experienced managed service provider offers the knowledge needed to prevent bad robot attacks and keep one step ahead of the bad bot fraudsters.

Contact us for details on how Wendego can protect you from an invasion of bad bots…
