Imperva, a Thales company specializing in cybersecurity, released their 2024 Imperva Bad Bot Report, a global analysis of automated bot traffic across the internet. According to their conclusions, nearly half (49.6%) of all internet traffic came from bots in 2023. This is a 2% increase over the previous year and the highest level Imperva has reported since it began monitoring automated traffic in 2013.
According to the Bad Bot Report, for the fifth consecutive year, the proportion of web traffic associated with bad bots grew to 32% in 2023, up from 30.2% in 2022. At the same time, traffic from human users decreased to 50.4%. Automated traffic is costing organizations billions (USD) annually due to attacks on websites, APIs, and applications.
In a press release, Nanhi Singh, General Manager, Application Security at Imperva, commented:
“Bots are one of the most pervasive and growing threats facing every industry. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization’s bottom line by degrading online services and requiring more investment in infrastructure and customer support. Organizations must proactively address the threat of bad bots as attackers sharpen their focus on API-related abuses that can lead to account compromise or data exfiltration.”
Key Takeaways
What are the key trends identified in the 2024 Imperva Bad Bot Report? Here are a few insights:
1/ The global average of bad bot traffic reached 32% in 2023
Ireland (71%), Germany (67.5%), and Mexico (42.8%) had the highest levels of bad bot traffic in 2023. The US also saw a slightly higher ratio of bad bot traffic, at 35.4%, compared to 2022 (32.1%).
2/ The growing use of generative AI is connected to the rise in simple bots
The rapid adoption of generative AI and large language models (LLMs) resulted in the volume of simple bots increasing to 39.6% in 2023, up from 33.4% in 2022. The technology uses web scraping bots and automated crawlers to feed training models while enabling nontechnical users to write automated scripts for their own use.
3/ Account takeover attacks increased
Account takeover (ATO) attacks increased by 10% in 2023, compared to 2022. 44% of these attacks targeted API endpoints, compared to 35% in 2022. Of all login attempts across the internet, 11% were associated with account takeover. The industries that saw the highest volume of ATO attacks in 2023 were Financial Services (36.8%), Travel (11.5%), and Business Services (8%).
4/ APIs are a popular vector for attack
Automated threats caused a significant 30% of API attacks in 2023. Among them, 17% were bad bots exploiting business logic vulnerabilities, that is, flaws within the API’s design and implementation that allow attackers to manipulate legitimate functionality and gain access to sensitive data or user accounts. Cybercriminals use automated bots to find and exploit APIs, which act as a direct pathway to sensitive data, making them a prime target for business logic abuse.
5/ Every industry has a bot problem
Every industry sector is affected by bad bot traffic and attacks. Gaming (57.2%) has the largest proportion of bad bot traffic. Retail (24.4%), Travel (20.7%), and Financial Services (15.7%) experienced the highest volume of bot attacks. The proportion of advanced bad bots, those that closely mimic human behavior and evade defenses, was highest on Law & Government (75.8%), Entertainment (70.8%), and Financial Services (67.1%) websites.
Improving Security
What can organizations do to better protect their businesses against those bad bots? Singh predicts that:
“Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications. As more AI-enabled tools are introduced, bots will become omnipresent.”
She therefore recommends organizations invest in bot management and API security tools to manage the threat from malicious, automated traffic.
You can download a copy of the 2024 Imperva Bad Bot Report for additional insights.