Malicious bot traffic hits new highs

New data from Imperva Research Labs sees the highest percentage of bad bot traffic (25.6 percent) since the company began reporting traffic in 2014.

At the same time traffic from humans fell by 5.7 percent. More than 40 percent of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life.

The majority of bad bot traffic last year came from Advanced Persistent Bots accounting for 57.1 percent. These bots are responsible for high-speed abuse, misuse and attacks on websites, mobile apps and APIs. They closely mimic human behavior and are therefore harder to detect and stop.

Telecom and internet service providers (ISPs) experienced the highest proportion of overall bot traffic last year (45.7 percent), often the result of bots involved in account takeover or competitive price scraping. Meanwhile, the travel industry has seen the greatest percentage of sophisticated bad bot traffic (59.7 percent).

There was, perhaps unsurprisingly, a 372 percent increase in bad bot traffic on healthcare websites from September 2020 to February 2021. More recently, as vaccines became available to more age groups, Imperva Research Labs recorded bot activity at rates of 25,000 requests per hour. So called 'scalper' bots were also used at the start of last year to hoard large inventories of face masks, sanitizers, detergents, home workout equipment and more.

Mobile has also become more of a focus with the percentage of bad bots disguised as mobile browsers growing to 28.1 percent last year, up from 12.9 percent in 2019.

"As we've monitored over the past eight years, bad bots continue to ravage the Internet, while attack characteristics are becoming more advanced and nuanced over time," says Edward Roberts, director of strategy, application security at Imperva. "Throughout the past year and during a global pandemic, bad bots have thrived by targeting new markets and the impacts are now felt by everyday consumers. The Grinch Bot disruption to the gaming hardware industry in late 2020 is one example of what happens when bots go unchecked and cause denial of inventory. Bad bots must be a top concern for businesses and security practitioners in 2021 as the problem is likely to grow. Organizations must take proactive action to secure their websites, applications and APIs from these threats as bots are increasingly involved in fraudulent activity that can be a source of reputational and financial damage."

The full report is available from the Imperva site.

Image credit: Pixelery.com/depositphotos.com