Trillions of botnet requests have driven a massive increase in credential abuse, with more than 40 percent of login attempts found to be malicious, according to a newly published report.

The number comes from Akamai Technologies Inc.’s Fourth Quarter 2017 State of the Internet/Security Report, which detected a staggering 7.3 trillion botnet requests per month.

That headline number breaks down to even more remarkable figures, with Akamai now detecting 2,750 bot requests per second every day. They account for more than 30 percent of all pure web traffic (excluding video streaming) across its monitoring platform.

“Increased automation and data mining have caused a massive flood of bot traffic to impact websites and Internet services,” Martin McKeay, senior security advocate and the senior editor of the report, said in a statement. “Although most of that traffic is useful for Internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains.”

The rest of the report highlighted other disturbing trends as cybercriminals continue to increase their hacking efforts. Hackers were detected in the quarter to be activity turning to exploit remote code execution vulnerabilities in enterprise-level software to make enterprise systems part of the botnet threat. In one example given, hackers were said to be exploiting vulnerabilities in the GoAhead embedded HTTP server, which has 700,000 potential targets, along with the Oracle WebLogic Server.

Distributed denial-of service-attacks were found to have increased 14 percent from the same time last year, with Akamai finding a spike of nearly 1 million unique IP addresses linked to the Mirai botnet. That’s despite its original creators pleading guilty to their role in the creation and distribution of the botnet in December.

Interestingly, the hospitality industry is cited in the report as the biggest target of fraudulent credential attacks. Some 82 percent of their login attempts were from malicious botnets. The financial industry saw a sharp increase in the number of DDoS attacks, experiencing 298 attacks against 37 distinct organizations last quarter.

Akamai said it detected 146 petabytes of botnet traffic in November and 145 petabytes in December of bot traffic alone, approximately 550 megabits per second of botnet traffic.

“Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots,” McKeay added. “Not all web traffic and not all bots are created equal.”

A full copy of the report is available for free via this link.

Image: christiaancolen/Flickr