With more than 980+ cyber security breaches across all online businesses and 35 million accounts exposed. Yahoo! In a 2016 report, disclosed that more than 1 billion accounts have been stolen. $400 billion was reportedly lost to cyber attacks across all industries this year. With this trend, the losses are set to top out at around $2.1 Trillion by 2019.
Now, let’s look at the top 4 incidences of bots that altered history in 2016.
- Dyn Cyberattack (Mirai) — The 2016 Dyn cyberattack took place on October 21st 2016. The attack was carried out by a malware known as Mirai. Mirai ( Japanese word for “The Future”) is a malicious software that turned Internet of Things (IoT) into bots, which was later used in the record breaking exploit. Since 2010, the number of devices connected to the internet has doubled from 12.5 billion devices to 25 billion. Mirai malware worked on the principle of identifying vulnerable IoT devices with default username and password, and planting the malware into them. Once the devices turned bad, bots in tandem were able to produce over 1.2 terabytes/sec attacks. Major websites such as Amazon.com, Netflix, CNN, BBC etc were taken down by the bad bots. This is by far the biggest attack on the free internet. This is a case in point to understand what it meant for services routed via DNS during the Dyn cyberattack.
- Bots used for influencing public: Social media bots were the most active in 2016. With major events such as Brexit and US elections, social media bots were the most influential.
Brexit: Automated social media accounts produced by both sides of the debate created these bots to have a massive influence on the referendum vote; especially on those last-minute ‘undecideds’ Researchers from Oxford University have found that bots played a strategic role during the debate. The social media bots helped to circulate ‘repetitive’ political content to manipulate the thinking of the general public. Social media bots had a very simple role to play during Brexit, they had to tweet pro or anti Brexit tweets over and over again or just retweet /share messages of influencers on either side. This helped them float the message they wanted for a much longer time, on the social media platforms than required.
US elections: As per Twitter Audit, Donald Trump’s twitter account had almost 40% inactive, fake and spam followers, while Hillary Clinton had around 37%. The number roughly adds up to more than 7 million fake/inactive bot accounts that were circulating messages across the globe. These bot accounts helped in propagating messages for both the candidates involved and heavily influenced the undecided voter.
Under the scanner, Impact of Twitter, Facebook, and other social media might be not be considered a serious threat. But the bots spreading propaganda are usually encountered by journalists who use social media. Journalists, in-turn, interpret these bot propagated messages as a trend among people and report it. This increases the influence of such bad social media bots even more. It is crazy how bots can influence and change the course of history for 2 major nations last year, and it’s just the beginning. German Chancellor Angela Merkel’s apprehensions on bots manipulating the upcoming German elections are not unfounded.
- The Rise of Chatbots: 2016 is considered to be the rise of chatbots. With every major e-commerce, service provider producing a chatbot. Early 2016 started a race among companies to create chatbots. Chatbots are highly regarded as the new automated intelligence trend. These bots are created to interact with the user to provide information or to execute simple tasks.
Good chatbots went bad: When Microsoft launched Tay (AI Twitter chat bot) on March 23, 2016, it was the start of a new era. Tay was programmed to learn from its interactions with real users on twitter. Tay, however, ended up becoming a vulgar, racist bot within a few hours. The bot, however, was taken down by Microsoft within 16 hours. By and by, Tay tweeted 96,000 times before it went offline.
- BOTS Act passed in the US senate (Ticket Scalping bots) : Ticket scalping bots were made illegal in the US during December 2016. President Obama had signed the BOTS (Better Online Ticket Sales) Act of 2016. The significance of this bill is that any software or automated bot program used to scalp tickets is now completely ILLEGAL. Finally, ticket scalping is a federal offense. Ticket scalping this year was brought to light by Lin-Manuel Miranda, who was the star of the Broadway show Hamilton. Hamilton tickets were scalped using bots online and were reselling for a higher price on another website. With the help of the senators and mainstream media, congress was able to pass the bill. Ticket scalping bots are notorious for buying out thousands of tickets within a matter of seconds. This frustrates genuine users that visit the site, in the long run hurts the producers as well.
According to a famous online ticket selling website, TicketMaster. In 2016, bots tried to buy 5 billion tickets, or 10,000 a minute, on their website. This resulted in 60% of the tickets getting scalped by bots.
With the surge in malicious bots, there is a need to stop them before they could harm your online businesses. Bots have been increasingly malicious and damaging for all online businesses.
So, have you thought about how your online business may be silently targeted by bad bots? How is your 2017 IT roadmap poised to address bot threats?
About the Author Benjamin Raj Kumar
(Security Affairs — bots, malware)
Originally published at securityaffairs.co on January 12, 2017.