For those who are more up to date with the latest episode of The Walking Dead than with the terms bots, botnets, and zombies, let’s make sure we are all on the same page. I want to talk about what these terms mean right now, what the future holds, the importance of the human factor, and social engineering.
What are Bots, Botnets and Zombies, and How are They Related?
Generally, a bot is considered a script, malware, or a type of application designed to do specific automated tasks that would otherwise take a human far too much time to complete. Often, they are found in messaging apps, where they make users feel as if they are chatting back and forth with a human. Some bots, often called chatbots, handle a range of customer service activities that would normally require a telephone call to a human agent. Just recently, Taco Bell unveiled a bot that enables customers to order meals via Slack.
Other bots, like Lawbot, can analyze legal contracts, finding potential risk areas and suggesting how the terms can be improved. As bot technology improves, the thought is that bots will be able to automate all sorts of activities, even those that are extremely complex.
Bots can also gather and interact, creating what are called botnets, or zombie armies: groups of computers that, without the consent of their owners, have been set up to forward things like spam or viruses to other computers on the internet. Since a botnet can be made up of computers from anywhere in the world, they do not gather in the same physical place. If bots become infected, they can be controlled remotely, in a way that is effectively invisible to the computer’s owner.
According to Kaspersky Labs, botnets, and not spam, viruses, or worms, are what pose the biggest threat to the internet today.
Unlike good bots, malicious non-humans are often employed by individuals or small criminal groups, not organizations. As a result, their growth is more closely tied to the increase in the human Internet population, which is, by all accounts, growing.
While bots have been around since the start, the internet is generally in accord that 2016 is the year of the bots. This can be attributed to the fact that artificial intelligence software – the technology that powers bots – is improving dramatically thanks to advances made by companies like Facebook and Google.
What are Botnets Used for?
Botnets are used for many different things, but cybercriminals use bots in several different ways to extort financial gains from their victims. The most common methods are:
- Spamming and Phishing: which can vary to catch victims off-guard and trick them out of their money
- Distributed Denial of Service (DDoS): which can often be part of a bigger plan
- Zombie Leasing: where people rent zombies to others to use
- Identity Theft: since bots can also collect information from the computers they infect, they are sometimes used to steal confidential data from the victim
Isn’t This Old News?
Yes and no. The days when botnets like Rustock were responsible for 30 percent of spam worldwide are long gone. But other very sophisticated bots, like Qbot, which was founded in 2009 and updated in early 2016, are and have been targeting US public institutions to gather huge amounts of sensitive data from universities, hospitals, and more.
Bad Bots, Good Bots, and Human Beings
It’s not all bad though. There are new types of bots that could be considered something like the “bad bots gone good” and are here to make up for some of the bad things that bots before them have done. Approximately 27% of bots help to make the internet better, according to Areyouahuman.com. One example is the Google crawler bot, which is used to search the Internet and bring searchable content to users. Media bots are also on the good side, providing updates on weather conditions, news, and sports. Many other types of bots have a positive impact through more accurate web searches, chat, hotel booking and other helpful tasks.
2015 was a big year for humans. An annual Bot Traffic Report from Imperva Incapsula found that in 2015, humans took back the one percent of online traffic needed to just barely make us the majority (51.5 percent) of online traffic worldwide. The report also showed that, while the good bots are out there, they just don’t seem to be keeping up with the bad bots and humans.
As we move into 2016 and bots become more integrated into our lives, we arrive at the question: can we mix humans and bots for the greater good? With Slack and Facebook looking at chat-as-a-platform and client-side apps as the next major step – customers are looking for something beyond what current applications provide. Theoretically, services that deploy bots at the front end can be more personalized than apps, so we are starting to see a mixed environment of apps and bots competing with companies like AirBnB and Tripadvisor. Over time as they become more refined – as we have seen with Siri and Google Now – they will provide just the right information with a more human touch and we will learn to appreciate and trust them.
How to Take the Good Bots, Avoid the Bad Bots, and Keep Your Data Safe
Good bots will help make the future a much better place, but what can we do to take advantage of everything while keeping our data safe?
We are at an interesting crossroads today with technology and security. While there are a number of great solutions to help remove the bots of past generations from our computers, those same solutions won’t help keep our confidential data safe. In today’s competitive workplace, we also can’t completely stop using the apps and collaboration tools that have been important in maintaining productivity. Technologies like Data Loss Prevention solutions could let humans take advantage of various applications while being there to notify and stop us when we’re a bit too eager or unknowingly share all that valuable personal data.
IT departments can also create policies on more levels, which can take into account an employee’s user authorization, the department’s right to share specific data, or the document/content itself. Additionally, there are tools that can be used to prevent data from being targeted by malicious bots, like CAPTCHA, which is a code, image or other test that only humans can verify. Going back to authorization, access control solutions can create search criteria for authorizing access to database records. This can be applied to websites to avoid data harvesting, because a bot is not able to gain access to records that do not comply with the search criteria. Finally, it goes without saying that computers and other devices connected to the organization’s network must have updated data security solutions, and IT administrators should periodically check for abnormal traffic loads.
While the app market has exploded, we’re seeing a different, much more OS-dependent approach. With this in mind, it is important to look for a security solution that is able to provide the same features for Windows, Mac OS X, and Linux, while also providing Mobile Device Management and keeping an eye on all the iOS and Android tablets/smartphones.
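One way an administrator might run the periodic check for abnormal traffic loads mentioned above, shown as an added example that is not part of the original article: it counts requests per client per minute in a web access log and flags clients far above the typical rate. The log lines, addresses, function names and thresholds are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')

def build_sample():
    """Constructed sample log; addresses come from documentation ranges."""
    lines = []
    # Three ordinary clients: one request per minute over a few minutes.
    for ip, n in (("192.0.2.10", 3), ("192.0.2.11", 4), ("192.0.2.12", 2)):
        for i in range(n):
            lines.append(f'{ip} - - [12/Mar/2016:10:0{i}:05 +0000] '
                         f'"GET /page/{i} HTTP/1.1" 200 512')
    # One client requesting 40 records inside a single minute.
    for i in range(40):
        lines.append(f'198.51.100.7 - - [12/Mar/2016:10:01:{i:02d} +0000] '
                     f'"GET /records/{i} HTTP/1.1" 200 2048')
    lines.append("truncated or malformed line")
    return lines

def peak_rate_per_client(lines):
    """Return {client: highest request count seen in any one-minute bucket}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        client, stamp = m.group(1), m.group(2)
        minute = stamp[:17]  # "12/Mar/2016:10:01", seconds and zone dropped
        buckets[client][minute] += 1
    return {c: max(counts.values()) for c, counts in buckets.items()}

def flag_abnormal(peaks, factor=10, floor=20):
    """Flag clients whose peak is at least `floor` requests per minute
    and at least `factor` times the median peak across all clients."""
    baseline = median(peaks.values())
    return sorted(c for c, p in peaks.items()
                  if p >= floor and p >= factor * baseline)

if __name__ == "__main__":
    peaks = peak_rate_per_client(build_sample())
    for client in flag_abnormal(peaks):
        print(f"abnormal load: {client} peaked at {peaks[client]} requests/minute")
```

The median keeps one noisy client from raising the baseline it is compared against, and the absolute floor avoids flagging anyone on a quiet site where the median is near zero.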
The future is bound to look quite different from today as mobility, bots, and automated services evolve, which is why it’s important to stay on your toes when it comes to keeping your personal data safe.
Roman Foeckl is the Founder and CEO of CoSoSys. Roman’s vision is to offer an easy-to-use and implement Data Loss Prevention Solution that covers all popular platforms, from Mac OS to Windows and Linux, so that large and small businesses can protect their data against accidental loss or intentional data theft.