Malicious bots accounted for almost 28% of global web traffic in 2021, a record high that exceeded the previous year’s figure of 26%, according to Imperva.
Bots are software apps that run automated tasks. While most of them perform legitimate work such as crawling and indexing the internet for search engines, an increasing number are being used for malign purposes.
The most common of these last year were account takeover (ATO), content or price scraping, and scalping to obtain limited-availability items, Imperva claimed.
Its 2022 Imperva Bad Bot Report is based on a detailed analysis of this malicious activity.
It found that two-thirds of this traffic could be traced to “evasive bad bots” – software that uses the latest evasion techniques to circumvent security tools. These include cycling through random IPs, entering sites and apps through anonymous proxies, changing identities and mimicking human behavior to evade detection.
Some 36% of bad bots hid as mobile web browsers in 2021, with Safari the most popular choice due to its enhanced privacy settings. Imperva claimed that this enabled threat actors to remain hidden while carrying out their attacks.
As a result of the increase in malicious bot traffic, ATO attacks soared by 148% from 2020 to 2021, allowing scammers to access sensitive account information and potentially carry out fraudulent transactions.
Financial services was the most targeted industry (35%) in this regard, followed by travel (23%), with the US the leading origin country of ATO attacks (54%) in 2021.
Overall, travel (34%), retail (34%) and financial services (9%) were the sectors most targeted by bad bots in 2021, which stands to reason given the large amounts of sensitive data stored in customer accounts and the potential for monetization.
“Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services,” said Imperva VP of application security, Ryan Windham.
“With automated fraud growing in intensity and complexity, advanced bot protection is essential for preventing the growing threat digital businesses and consumers face from bad bots.”