Internet bots account for nearly half of global web traffic, according to new research, and a significant amount of this fake activity is malicious.
The eleventh annual Bad Bot Report from Imperva shows that malicious bot traffic continued to increase through 2024, marking the fifth consecutive year of increased malicious activity.
Imperva defines bad bots as software applications that perform automated tasks, imitating legitimate users, with malicious intent.
These bots can be used for a variety of nefarious purposes, such as distributed denial of service (DDoS) attacks, spoofing, credential stuffing, scraping, and more.
Imperva's report focuses on bad bot activity at the application layer of the OSI model (Layer 7), as opposed to the lower-level network protocols used for volumetric DDoS attacks.
The research analyzed data collected from its global network in 2023, which included nearly 6 billion blocked bad bot requests, anonymized across thousands of domains and industries.
The analysis found that 49.6% of all internet traffic came from bots in 2023, a 2% growth from the previous year, and the highest level Imperva has recorded since it began monitoring automated traffic in 2013.
Traffic generated by malicious bot activity also increased to 32% of global traffic in 2023, up from 30.2% in 2022, while human traffic decreased to 50.4% during the same period.
Breaking down Internet traffic by industry, the study found that bad bots affect all sectors, but the industries most affected were gaming (57.2%), telecommunications and ISP (49.3%), computing and IT (45.9%), business services (40.9%), and healthcare (33.4%).
Nanhi Singh, general manager of application security at Imperva, said bots are one of the most pervasive threats facing every industry, and this threat is only growing as automation technology becomes more sophisticated.
“From simple web scraping to malicious account takeover, spam and denial of service, bots negatively impact an organization's bottom line by degrading online services and requiring more investment in infrastructure and customer support,” Singh said. “Organizations must proactively address the threat of malicious bots as attackers focus more on API-related abuses that can lead to account compromise or data leaks.”
Sophisticated and evasive bots plague critical industries
Imperva classified the bots by their level of sophistication, with categories covering simple, moderate and advanced evasion techniques.
Simple bots are those that do not report themselves as browsers, but instead use automated scripts to connect to sites from a single IP address, making them fairly easy to identify as bots.
Moderate bots use more sophisticated 'headless browser' software that simulates browser activity, including the ability to execute JavaScript code.
Advanced bots emulate human user behavior, such as mouse movements and clicks, to fool bot detection systems. These bots use browser automation software or malware inside real browsers to connect to sites.
Imperva provided details on how evasive bots avoid detection using a wide range of stealth techniques.
“Evasive bots use complex tactics such as traversing random IPs, logging in through anonymous proxies, using residential proxies, changing their identities, mimicking human behavior, delaying requests, and overcoming CAPTCHA challenges,” the report explains.
“They use a 'low and slow' approach to avoid detection and carry out significant attacks using fewer requests. This method reduces the 'noise' generated by many bad bot campaigns, making them more difficult to detect.”
The Imperva study found that several critical industries received the highest proportion of traffic from advanced bots in 2024.
The Law and Government (75.8%) and Financial Services (67.1%) sectors were among the affected sectors with the highest proportion of advanced bots.
The study noted that the volume of these advanced attacks is less important, as their sophistication means fewer attempts are required to compromise the target system.
ATO attacks increase as APIs become prime target for cybercriminals
Imperva's findings also showed an increase in account takeover (ATO) attacks as one of the most frequent automated threats organizations faced last year, recording a 10% increase in ATO attacks in 2023.
The volume of ATO attacks launched each year is growing, according to Imperva data, with 11% of all Internet login attempts associated with account takeover attempts.
Once again, critical industries received the highest volume of these attacks, with the financial services sector suffering 36.8% of global ATO attempts.
Notably, 44% of all ATO attacks targeted API endpoints, up from 35% in 2022, and automated threats were responsible for 30% of all API attacks in 2023.
The widespread adoption of APIs, driven by the proliferation of web and mobile applications, makes them a tempting target for cybercriminals, according to the report, especially because they often handle vital identity verification processes.
As such, exploiting vulnerabilities in authentication APIs can provide threat actors with unauthorized access to user accounts, highlighting the importance of API security for organizations moving forward.
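As an added defensive illustration (not from the Imperva report), the Python below compares a per-IP rate threshold with endpoint-level aggregation over constructed login-API events. It shows why the 'low and slow', IP-rotating campaigns described earlier and the API-targeted account takeover attempts in this section are missed by per-source counting alone. Every IP address, threshold and count here is constructed for the example.

```python
from collections import defaultdict

# Constructed sample events, not real traffic: (t_seconds, src_ip, http_status).
# All events are POSTs to the same login API endpoint; 401 = failed login.
SIMPLE_BOT = [(t, "198.51.100.7", 401) for t in range(0, 60, 2)]          # 30 failures, 1 IP, 1 minute
LOW_AND_SLOW = [(20 * i, f"203.0.113.{i + 1}", 401) for i in range(30)]   # 30 failures, 30 IPs, 10 minutes
LEGIT = [(30 * i, "192.0.2.5", 200) for i in range(4)]                    # one real user logging in
EVENTS = SIMPLE_BOT + LOW_AND_SLOW + LEGIT


def per_ip_rate_alerts(events, max_failures=10, window=60):
    """Baseline detector: flag an IP that produces more than max_failures
    failed logins inside one fixed window of `window` seconds.
    Catches the single-IP simple bot; each rotating IP stays under the bar."""
    failures = defaultdict(int)
    for t, ip, status in events:
        if status == 401:
            failures[(ip, t // window)] += 1
    return {ip for (ip, _), n in failures.items() if n > max_failures}


def endpoint_failure_alerts(events, min_ratio=0.5, min_ips=10, window=600):
    """Endpoint-level detector: aggregate every login attempt per window
    regardless of source, and alert when the failure ratio is high and the
    attempts come from many distinct addresses (the low-and-slow signature).
    Returns {window_bucket: (failures, total, distinct_ips)} for alerting buckets."""
    buckets = defaultdict(lambda: [0, 0, set()])  # [failures, total, ips]
    for t, ip, status in events:
        b = buckets[t // window]
        b[1] += 1
        b[2].add(ip)
        if status == 401:
            b[0] += 1
    return {
        k: (f, n, len(ips))
        for k, (f, n, ips) in buckets.items()
        if n and f / n >= min_ratio and len(ips) >= min_ips
    }


if __name__ == "__main__":
    print("per-IP alerts, all traffic:    ", per_ip_rate_alerts(EVENTS))
    print("per-IP alerts, low-and-slow:   ", per_ip_rate_alerts(LOW_AND_SLOW))
    print("endpoint alerts, low-and-slow: ", endpoint_failure_alerts(LOW_AND_SLOW + LEGIT))
```

In production the same aggregation is usually keyed by endpoint plus targeted account or tenant, so that a campaign spread across residential proxies still surfaces as an anomalous failure ratio on the login API.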