This past Wednesday, the U.S. Justice Department announced the dismantling of the 911 S5 Botnet, allegedly one of the largest botnets worldwide, and the arrest of its administrator in a joint operation by the FBI and other law enforcement agencies in Singapore, Thailand and Germany. The botnet, consisting of malware-infected computers in 200 countries worldwide, was used to power a variety of criminal internet activities like fraud, harassment or child exploitation between 2014 and 2022.
The true prevalence of web traffic generated via bots far extends that of professional botnets like 911 S5. As the annual Imperva Bad Bot Report shows, almost half of all traffic is related to bot activity, with one third of the overall global traffic being connected to malicious programs. These programs are used in a wide variety of situations. For example, scalpers use bots to buy up limited edition items like footwear or electronics, while other bad actors use programs for Distributed Denial of Service (DDoS) attacks, taking down specific websites by overloading their servers. Around 18 percent of bot traffic can be traced back to benign usage like search engine crawlers indexing the web.
Cybercrime is as dangerous for its victims as it is lucrative for its perpetrators. For example, according to a report by internet security firm Keeper, the average U.S. company experienced 42 cyberattacks in 2022, with 15 percent of the 516 IT decision makers responding claiming their company has lost more than $500,000 in successful cyberattacks and 37 percent claiming that more than $100,000 were stolen.