"Bad Bots Now Account For 30% of All Internet Traffic"
Security researchers at Imperva have discovered that the volume of internet traffic stemming from malicious automated software has increased by 2.5% since 2021 to over 30%, the highest figure since Imperva's first Bad Bot Report in 2013. The researchers noted that billions of dollars are lost annually due to bad bot attacks, which can lead to account compromise, data theft, spam, higher infrastructure and support costs, customer churn, and degraded online services. The researchers warned that such traffic is increasingly hard to identify, with "advanced" bad bots now accounting for 51% of all malicious traffic versus 26% two years ago. The researchers noted that more sophisticated software looks to mimic human behavior to evade detection, such as by cycling through random IPs, entering through anonymous proxies, and changing identities. The researchers stated that account takeover (ATO) attacks are among the most common traced back to malicious bots, growing 155% in volume in 2022 as cybercriminals looked to drive credential stuffing and brute force attacks. Some 15% of all login attempts last year were classified as ATO. APIs were also a popular target for bad bots last year, and 17% of all attacks on APIs came from malicious software exploiting flaws in the design and implementation of an API or application to steal sensitive data or access accounts. The researchers noted that more than half of the countries analyzed for the Imperva report had bad bot levels exceeding the global average, with Germany (69%), Ireland (45%), and Singapore (43%) in the top three. In the US, the share was just above the average, at 32%. Travel (25%), retail (21%), and financial services (13%) experienced the highest volume of bad bot attacks, although the gaming (59%) and telecoms (48%) sectors had the highest share of bad bot traffic on their websites and applications.
Infosecurity reports: "Bad Bots Now Account For 30% of All Internet Traffic"