The volume of internet traffic stemming from malicious automated software has increased by 2.5% since 2021 to over 30% – the highest figure since Imperva’s first Bad Bot Report in 2013.
Billions of dollars are lost annually due to bad bot attacks, which can lead to account compromise, data theft, spam, higher infrastructure and support costs, customer churn and degraded online services, Imperva claimed in its latest edition of the long-running report.
Imperva warned that such traffic is increasingly hard to identify, with “advanced” bad bots now accounting for 51% of all malicious traffic, versus 26% two years ago.
More sophisticated software looks to ape human behavior to evade detection, such as by cycling through random IPs, entering through anonymous proxies and changing identities, Imperva said.
Account takeover (ATO) attacks are among the most common attacks traced back to malicious bots, growing 155% in volume in 2022 as cyber-criminals looked to drive credential stuffing and brute-force attacks. Some 15% of all login attempts last year were classified as ATO.
APIs were also a popular target for bad bots last year, and 17% of all attacks on APIs came from malicious software exploiting flaws in the design and implementation of an API or application to steal sensitive data or access accounts.
More than half of the countries analyzed for the Imperva report had bad bot levels exceeding the global average, with Germany (69%), Ireland (45%) and Singapore (43%) in the top three. In the US, the share was just above the average, at 32%.
Travel (25%), retail (21%) and financial services (13%) experienced the highest volume of bad bot attacks, although the gaming (59%) and telecoms (48%) sectors had the highest share of bad bot traffic on their websites and applications, Imperva said.
Karl Triebes, SVP and general manager of application security at Imperva, argued that the arrival of generative AI will supercharge the impact of malicious bots.
“Every organization, regardless of size or industry, should be concerned about the rising volume of bad bots across the internet,” he added.
“Year-on-year, the proportion of bot traffic is growing and disruptions caused by malicious automation result in tangible business risks – from brand reputation issues to reduced online sales and security risks for web applications, mobile apps, and APIs.”