Internet traffic in 2023 saw a significant surge in bot activity, accounting for almost 50% of all traffic, marking a 2% increase from the previous year, according to the Thales Imperva Bad Bot report. This spike represents the highest level of bot-driven traffic since 2013.
The report highlights the prevalence of “bad bot traffic,” which rose to 32% globally in 2023. These nefarious bots are designed for malicious purposes, including cybercrimes such as theft and fraud. Countries like Ireland, Germany, and Mexico witnessed a notable uptick in bad bot activity, with the US also experiencing a slight increase.
The surge in bot traffic is causing significant financial losses for organizations worldwide, costing billions of dollars annually. Attacks on websites, APIs, and applications are the primary sources of these losses, as stated in the report.
The adoption of generative AI and large language models has facilitated the proliferation of simple bots across the internet. These bots, which increased from 33% to 39% in 2023, utilize web scraping bots and automated crawlers to train models, enabling non-technical users to create automated scripts for various purposes.
Account takeover attacks (ATO) surged by 10% in 2023, with nearly half of all attacks targeting API endpoints. The financial services, travel, and business services sectors were the most frequently targeted industries. However, bot-related issues affect almost every industry.
The gaming industry witnessed the highest proportion of bad bot traffic, while retail, travel, and financial services faced the brunt of bot attacks. Advanced bots, which closely mimic human behavior and evade detection, were most prevalent in law and government, entertainment, and financial services.
Bad bots are evolving to evade detection, with many now masquerading as mobile users. This tactic, accounting for 44% of all bad bot traffic in 2023, involves using residential proxies to make it appear as though the traffic originates from legitimate ISP-assigned residential IP addresses.
Nanhi Singh, General Manager of Application Security at Imperva, predicts that automated bots will soon surpass human internet traffic. This shift will require organizations to rethink their approaches to website and application security.
Bots continue to pose a significant threat to organizations worldwide, impacting their bottom line and requiring increased investment in infrastructure and customer support. Addressing the threat of bad bots is crucial as attackers increasingly focus on API-related abuses, leading to potential account compromises and data breaches.
