Understanding the Ballooning Threat of Bot Farms

The connected internet is expanding at a rate of knots. So too are click bots trying to assess website performance, or the opportunistic kind looking to infiltrate business and digital platforms for nefarious uses. The rapid evolution of these bad bots causes devastation in their wake. Akamai notes how even the earliest examples like Clickbot.A caused $500,000 of click fraud powered by 100,000 machines. More recent bot operators can earn millions in a day generating fake ad impressions.

Clearly, alone, bad bots are troubling. When there is a collective army of them (and we could be talking about millions) built for a highly targeted purpose, modern cybersecurity threat levels rise through the roof. These are bot farms, growing in number, and also intelligence.

Bot Farms in the Click Fraud Landscape

Click farms have been known entities for a while, differing only from their digital bot counterparts by being run by humans, usually low-paid workers inflating impressions or using botnets – networks of multiple infected devices that simulate normal engagement. Viewers of Silicon Valley may be familiar with Pied Piper’s use of a click farm to inflate their user base, for example. The difference is that bots can conduct more operations on a grander scale, while click farms can focus on bypassing security filters.

Bot farms are used for both good and ill will. They can be used extensively to analyse websites, and are useful for Google’s ability to index web pages. In the hands of hackers, they’re hitting a range of industries mostly for financial gain, whether to overwhelm servers using DDoS attacks, scraping sensitive data to conduct identity theft, or generating revenue through simulated websites or apps and reaping the rewards of fake PPC ad clicks.

In that regard, cybercriminals implement bot farms for financial gain. Unfortunately, today’s internet sees far greater reach for business or politically sabotage, or intelligence gathering. A Russian bot farm was identified by the US justice department to operate 1,000 accounts to spread propaganda, run by a deputy editor at a state-owned newspaper in 2024, where two years prior five bot farms run by gangs were found by the Ukrainian government to be spreading misinformation. One Bloomberg investigation identified how common bots in online Poker communities were proliferating in bot farms, where multiple players would fold, check or raise instantaneously, and other popular online games have fallen foul of bot farms including World of Warcraft.

Dangers On the Horizon

Whatever their use case, it’s the sheer magnitude of bot farm networks that shows why their impact could grow far greater. Before, bot farms may have run off of simple scripts, now they’re expanded to dedicated infrastructures. Once configured on servers or cloud platforms, for multiple devices, they’re set to task in spoofing, phishing, data scraping, or likewise.

They require more sophisticated programming, multiple computers and routers, but they tend to collate greater computer processing power from multiple servers. Bot farm operations benefit massively from being decentralised – not limited to a couple of regions and distributed across different Internet Service Providers (ISPs). Running off of various IP addresses and proxies, individual bots can mask their connection to a wider farm.

Bots farms are taking advantage of development constantly, including an AI-backed scheme called Synthetic Echo replicating reputable news outlets to rob advertisers. Still, the human click farm element still accentuates the bots’ handiwork, letting them rack up traffic while using human intelligence to work around safeguards including bot filters and CAPTCHA technology. This blurs the lines of virtual activity like so-called ‘grey bots’.

There’s More Work To Do

The knowledge around click fraud is always increasing, so much so that the US digital advertising industry saved around $10.8 billion in 2023. But changing methodologies from bot farms and their operators constantly puts ad giants under pressure (who also favour more traffic).

It takes a multifaceted security programme to stay alert to verify non-human traffic activity indicative of bad bots, but it’s possible through multiple techniques:

Look for unnatural website behaviours like mouse movements, frequent page requests of session durations.
Check server logs for request volumes from the same IP or range.
Set thresholds for requests per IP or user sessions.
Scan IP addresses against known bot or proxy lists.
Analyse browser properties for limited or mismatched configurations, or failed Javascript.
Use CAPTCHAs to block bot activity.
Place honeytraps on websites using hidden links.
Leverage machine learning tools and solutions including AWS or Cloudflare.

We’re developing deep insights to battle bot farms and stay ahead of the criminals at play. With robust security, we can all do our bit to take the fight against these nefarious actors and keep website experiences safe, legitimate and valuable.

How the Environment for Bad Bot Traffic is Changing (for the Worse)

It’s no secret that robots are inching to take over the internet. For all the frontier’s good intentions for human

The Dual Nature of Bot Traffic

In the digital age, bot traffic has become pervasive, accounting for a significant portion of internet activity. While bots—automated scripts