AI makes bots easier to deploy and harder to detect

Automated bot traffic surpassed human-generated traffic for the first time in a decade last year, making up 51 percent of all web traffic. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes.

The latest Imperva Bad Bot Report from Thales shows cybercriminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37 percent of all internet traffic -- a significant increase from 32 percent in 2023.

"The surge in AI-driven bot creation has serious implications for businesses worldwide," says Tim Chang, general manager of application security at Thales Cybersecurity Products. "As automated traffic accounts for more than half of all web activity, organizations face heightened risks from bad bots, which are becoming more prolific every day."

According to the research team, widely used AI tools are being leveraged for cyberattacks, with ByteSpider Bot alone responsible for 54 percent of all AI-enabled attacks. Other significant contributors include AppleBot at 26 percent, ClaudeBot at 13 percent, and ChatGPT User Bot at six percent.

Both the travel and the retail sectors are facing an advanced bot problem, with bad bots making up 41 percent and 59 percent of their traffic respectively. In 2024, the travel industry became the most attacked sector, accounting for 27 percent of all bot attacks, up from 21 percent in 2023. The most notable shift in 2024 is the decline in advanced bot attacks targeting the travel industry (41 percent, down from 61 percent in 2023) and the sharp increase in simple bot attacks (52 percent, up from 34 percent). This shift indicates that AI-powered automation tools have lowered the barriers to entry for attackers, allowing less sophisticated actors to initiate more basic bot attacks.

The research also reveals a significant surge in API-directed attacks, with 44 percent of advanced bot traffic targeting APIs. These attacks aren't just limited to overwhelming API endpoints; rather, they target the intricate business logic that defines how APIs operate. Attackers deploy bots specifically designed to exploit vulnerabilities in API workflows, engaging in automated payment fraud, account hijacking, and data exfiltration.

"The business logic inherent to APIs is powerful, but it also creates unique vulnerabilities that
malicious actors are eager to exploit," Chang says. "As organizations embrace cloud-based
services and microservices architectures, it's vital to understand that the very features that make APIs essential can also leave them susceptible to risk of fraud and data breaches."

The full report is available from the Imperva site.

Image credit: ktsdesign/depositphotos.com