Automated traffic takes up nearly two-thirds of total internet traffic (64 per cent), according to a new report from Barracuda Networks.

The study from the cloud security provider also found that nearly two-fifths (39 per cent) of automated traffic was made up by bad bots such as web scrapers and attack scripts.

Meanwhile 25 per cent of automated traffic was made up by good bots, such as search engine crawlers and social network bots.


The ‘bad bots’ detected as part of the study also included advanced persistent bots. These try their best to evade standard defences and attempt to perform their malicious activities under the radar.

The report revealed that the most common of these persistent bots were likely to target e-commerce applications and login portals.

The report into automated attacks also included a breakdown of bad bot traffic by location, revealing that North America accounts for 67 per cent of bad bot traffic, followed by Europe (22 per cent) and then Asia (7.5 per cent).

European bot traffic was more likely to come in from hosting services (VPS) or residential IPs than the North American traffic, most of which originated from public data centres.

The research also revealed that most bot traffic comes in via the two largest public cloud vendors, AWS and Microsoft Azure, in roughly equal measure.

This is likely because it is easy to set up a free account with either provider, and then use the account to set up the bad bots, according to Barracuda researchers.

Finally, the report found that bad bot traffic tends to follow the standard workday, allowing them to hide within normal human traffic streams to avoid raising alarm bells.

Commenting on the findings, Nitzan Miron, vice president of product management, application security at Barracuda said: “While some bots like search engine crawlers are good, our research shows that over 60 per cent of bots are dedicated to carrying out malicious activities at scale.

"When left unchecked, these bad bots can steal data, affect site performance, and even lead to a breach. That’s why it’s critically important to detect and effectively block bot traffic.”

Share Story: