Articles about bots

Threat actors are favoring smaller, persistent attacks under 100,000 requests per second according to a new report. This shift signals a growing dependence on automated, generative AI-enhanced attack tools, reflecting the democratization of DDoS capabilities among loosely coordinated threat actors and new actors entering the scene.

The report from Radware also shows web DDoS attacks rose 39 percent over the second half of 2024. The second quarter set a record with a 54 percent quarter-on-quarter spike.

Continue reading →

For the past two decades, cybersecurity teams have been laser focused on identifying ‘what’s bot -- and what’s not’. Over the past couple of years, this focus has shifted slightly, with security teams dedicating most of their attention to the most sophisticated bots.

New developments in AI over the past year have added a new level of complexity, with the emergence of beneficial business bots, like sophisticated AI agents, complicating what was once a binary task of differentiating bot from human.

Continue reading →

Automated bot traffic surpassed human-generated traffic for the first time in a decade last year, making up 51 percent of all web traffic. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes.

The latest Imperva Bad Bot Report from Thales shows cybercriminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37 percent of all internet traffic -- a significant increase from 32 percent in 2023.

Continue reading →

We all know about good bots like search engine crawler bots, SEO bots, and customer service bots. And we know about bad bots, designed for malicious or harmful online activities like breaching accounts to steal personal data or commit fraud.

New research from Barracuda identifies an additional breed of 'gray bots', and these include GenAI scraper bots, designed to extract or scrape large volumes of data from websites, often to train generative AI models. Other examples of gray bots are web scrapers and automated content aggregators that collect web content such as news, reviews, travel offers and more.

Continue reading →

New research from Imperva shows that 71 percent of UK consumers believe bad bots are ruining Christmas by snapping up all the most wanted presents.

It finds that 40 percent of consumers surveyed say they have been thwarted when trying to buy a gift in the past, only to find that it was completely sold out.

Continue reading →

Organizations have grappled with business threats posed by various automated bots and crawlers over the years. The latest flavor to take the spotlight is AI crawlers which source proprietary content to feed the AIs they serve.

We spoke to Eyal Benishti, CEO of IRONSCALES, to discuss AI crawlers and why it's important for security teams to establish boundaries for their use.

Continue reading →

Bad bots are designed perform various malicious activities. These range from basic scrapers that try to get some data off an application -- and are easily blocked -- to more advanced persistent bots that try to evade detection.

Barracuda researchers have been tracking bots for several years and have identified some interesting recent trends not least that, like King Louie in The Jungle Book, they 'wanna be like you'.

Continue reading →

A wave of credential stuffing, with no attempt to use the accounts. A pause. The accounts are accessed but not leveraged. A pause. Then, a flood of transaction fraud, using either the taken-over accounts or new ones set up with similar personal information.

The catch: The stages of this process may occur days or weeks apart. And they may not all take place on the same websites. What’s happening, and how does bot detection and analysis help clarify and prevent fraud? 

Continue reading →

A global analysis of automated bot traffic across the internet finds that in 2022, almost half (47.4 percent) of all internet traffic came from bots, a 5.1 percent increase over the previous year. At the same time the proportion of human traffic (52.6 percent) decreased to its lowest level in eight years.

The report from Imperva shows the volume of bad bot traffic has grown for the fourth year in a row, presenting a significant risk for businesses. The level of activity in 2022 is the highest since Imperva produced its first Bad Bot Report in 2013.

Continue reading →

New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.

The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.

Continue reading →

Automated threats, ranging from account takeover, credit card fraud, web scraping, API abuses, Grinch bots, and DDoS attacks, are a persistent challenge for the eCommerce industry, according to a new report.

Cybersecurity company Imperva has conducted a 12-month analysis of threats targeting the retail industry. A continued barrage of attacks on retailers’ websites, applications, and APIs throughout the year and during peak holiday shopping times is a continued business risk for the retail industry.

Continue reading →

Online fraud is becoming a scourge across the United Kingdom, and in the past year alone we’ve watched police tackle a record breaking number of scams.

One of the most dangerous attacks used by fraudsters is Account Takeover (ATO), whereby cybercriminals take ownership of online accounts by abusing stolen passwords and usernames, often accessed on the Dark Web. A Freedom of Information (FOI) request earlier this year revealed that ATO is the most common form of online fraud in the UK and new data from the 2022 Imperva Bad Bot Report shows ATO attacks rose a staggering 148 percent in 2021 alone. 

Continue reading →

Researchers at anti-bot specialist Kasada have recently uncovered the use of 'Solver Service' bots -- an API-as-a-service tool created to bypass the majority of bot management systems.

By 'solving' a bot detection system's defense, these allow enterprising cybercriminals to now commercialize the Solver Service they deciphered and sell it for a profit. This means buyers can successfully conduct automated bot attacks without any technical skills -- and without having to worry about what bot defenses a site may have in place.

Continue reading →

The latest Bad Bot Report from Imperva shows that bots are an increasingly significant part of the web, accounting for over 42 percent of traffic overall.

More concerning still is that bad bots accounted for a record-setting 27.7 percent of all global website traffic in 2021, up from 25.6 percent in 2020. The three most common bot attacks are account takeover, content or price scraping, and scalping to obtain limited-availability items.

Continue reading →

The past holiday season saw an unusually high level of malicious bot activity in the retail and commerce industries according to new data from Akamai and RH-ISAC (Retail and Hospitality Information Sharing and Analysis Center).

Attacks included credential stuffing and account takeover (ATO) attacks unleashed by malicious bot operators, as well as Log4j exploitation attempts and web application firewall (WAF) assaults, all of which have been about bad actors setting their sights and pointing their tools at eCommerce players.

Continue reading →