Bad bot threats present a growing risk to organizations
A global analysis of automated bot traffic across the internet finds that in 2022, almost half (47.4 percent) of all internet traffic came from bots, a 5.1 percent increase over the previous year. At the same time the proportion of human traffic (52.6 percent) decreased to its lowest level in eight years.
The report from Imperva shows the volume of bad bot traffic has grown for the fourth year in a row, presenting a significant risk for businesses. The level of activity in 2022 is the highest since Imperva produced its first Bad Bot Report in 2013.
The report also shows APIs are being targeted. In 2022, 17 percent of all attacks on APIs came from bad bots abusing business logic.
"Bots have evolved rapidly since 2013, but with the advent of generative artificial intelligence, the technology will evolve at an even greater, more concerning pace over the next 10 years," says Karl Triebes, senior vice president and GM, application security at Imperva. "Cybercriminals will increase their focus on attacking API endpoints and application business logic with sophisticated automation. As a result, the business disruption and financial impact associated with bad bots will become even more significant in the coming years."
Last year the proportion of bad bots classified as 'advanced' accounted for more than half (51.2 percent) of all bad bot traffic. In comparison, the level of bad bot sophistication in 2021 was just 25.9 percent. This is a concerning trend for businesses as advanced bad bots use the latest evasion techniques and closely mimic human behavior to evade detection by cycling through random IPs, entering through anonymous proxies, and changing identities.
Travel (24.7 percent), retail (21 percent), and financial services (12.7 percent) continue to be the industries experiencing the highest volume of bot attacks. Though healthcare and law and government have all experienced a considerable jump in the volume of bad bot attacks in 2022.
Another interesting finding is that browser settings can disguise bad bot behavior. One-in-five bad bots used Mobile Safari as their browser of choice in 2022, up from 16.1 percent in 2021. Updated browsers offer privacy settings that obfuscate bad bot behavior, making it harder for organizations to detect and stop automated traffic.
"Every organization, regardless of size or industry, should be concerned about the rising volume of bad bots across the internet," adds Triebes. "Year-over-year, the proportion of bot traffic is growing and the disruptions caused by malicious automation results in tangible business risks -- from brand reputation issues to reduced online sales and security risks for web applications, mobile apps, and APIs. Businesses need to act now and invest in bot management and online prevention that can identify and stop sophisticated automation that targets APIs and application business logic."
The full report is available from the Imperva site.
Image credit: davincidig/depositphotos.com