CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
Cyber Security · News · 3 min read

Bad Bots Account For 30% Of Internet Traffic and Are More Frequent in Account Takeover and API Attacks

Alicia Hope·May 30, 2023

Nearly half of all internet traffic originated from automated scripts, with almost a third from bad bots, a new report by IT and application security firm Imperva found.

Bad bots are automated software applications capable of abusing, misusing, and attacking web applications, mobile apps, and APIs.

The report found a steady increase in bot traffic over the past few years, pushing human traffic to an eight-year-low.

The 2023 Imperva Bad Bot Report highlighted an evolution in bot technology and steps business leaders should take to remain a step ahead of automated threats.

Bots are responsible for nearly half of the internet traffic

Imperva’s Bad Bot Report found that 47.4% of all internet traffic came from bots, a 5.1% increase from 2021. During the same period, human traffic fell to 52.6%, an eight-year low.

Additionally, traffic from bad bots increased for the fourth consecutive year, reaching 30.2% and recording a 2.5% increase over 2021.

Good bot traffic remained low at 17.3%, up slightly from 14.6% in 2021.

Bad bots are abusing Safari privacy features

Imperva found a significant increase in bad bots self-reporting as mobile browsers.

According to the report, a fifth (20.2%) of bad bot traffic self-reported as Mobile Safari, marking a 16.1% increase from the previous period.

Most bad bot traffic still originated from Chrome browsers, although their share fell from 42.7% in 2021 to 40.4% in 2022; Mobile Chrome rose slightly over the same period, from 11.9% to 13.2%.

The report indicated that Safari was the most preferred mobile browser by bad bots. The researchers pointed out that bad bots exploited Safari’s enhanced privacy features to mask their nefarious behavior.

However, they noted that evasive bots (both advanced and moderate) routinely disguise themselves as mobile browsers to evade detection, so the number of malicious scripts actually running on Safari may differ from what the self-reported figures suggest.

Advanced bad bot levels are doubling

The researchers noted an expanding gap between moderate and advanced bots in the last 12 months.

They noted that bad bots were increasingly adopting evasive behaviors such as cycling through IPs, using anonymous proxies, mimicking human behavior, defeating CAPTCHAs, and delaying requests.

According to the researchers, as evasion tactics evolved, the proportion of bad bots classified as “advanced” (51.2%) increased at the expense of moderate ones (15.3%), while simple bots remained consistent at 33.4%.

Collectively, evasive bots accounted for roughly two-thirds (66.6%) of bot traffic, marking a slight increase from 65.5% in the previous year.

“While the increase isn’t substantial, it is the makeup of evasive bad bots that is alarming, with advanced bad bot levels essentially doubling,” Imperva’s report stated.

Account takeover and API attacks are frequently leveraging bad bots

Bad bots that abuse business logic accounted for 17% of all API attacks in 2022, while 21% of malicious activity originated from other automated threats. Of all attacks recorded, 27% originated from bad bots, while 26% were from other automated sources.

The researchers explained that the goal of abusing API business logic was to steal sensitive information or illegally gain access to user accounts.

According to the report, account takeover (ATO) attacks in 2022 more than doubled (+155%), accounting for 15% of all login attempts in the past 12 months.

Additionally, over a third (35%) of account takeover attacks in 2022 specifically targeted an API.

APIs are targeted in account takeover attacks because the authentication token is sent in the request body, which makes it easier to intercept and abuse without raising suspicion.

Bot threat landscape

Travel (24.7%), Retail (21%), and Financial Services (12.7%) saw the highest volume of bot traffic, while Gaming (58.7%) and Telecommunications (47.7%) had the highest proportion of bad bot traffic.

Healthcare and Government experienced the highest level of bad bots attacks, while Financial Services, Telecoms and ISPs, and Computing & IT experienced the highest volume of account takeover attacks.

Seven countries out of 13 analyzed had higher bot traffic levels than the global average of 30.2%, with Germany (68.6%), Ireland (45.1%), and Singapore (43.1%) leading the pack and the United States (32.1%) following closely. However, countries with the highest volume of bot attacks were the United States (41.1%), Australia (16.4%), and the United Kingdom (6.8%).

The researchers recommended identifying potential risks, reducing vulnerabilities, blocking outdated browsers, monitoring and evaluating traffic, disallowing traffic from data centers, automating security, raising awareness, and tweaking configurations to block bots.
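Three of those recommendations (blocking outdated browsers, disallowing data-center traffic, and monitoring traffic for the login bursts that precede account takeover) can be expressed as simple heuristics over web-server access logs. The script below is an added illustration written for this page; it is not code from Imperva's report or from CPO Magazine. The log lines it analyses are constructed, the data-center range, login path, browser-version cutoff and rate thresholds are assumed placeholder policy values, and lines are assumed to arrive in timestamp order.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for this example (not from the report): tune per site.
DATACENTER_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed placeholder range
LOGIN_PATH = "/api/login"
LOGIN_WINDOW = timedelta(seconds=60)
MAX_LOGINS_PER_WINDOW = 5
MIN_CHROME_MAJOR = 100

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
CHROME_RE = re.compile(r"Chrome/(\d+)")

# Constructed user-agent strings used to build the sample log below.
UA_MOBILE_SAFARI = ("Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) "
                    "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1")
UA_OLD_CHROME = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) "
                 "Chrome/49.0.2623.112 Safari/537.36")


def _line(ip, secs, method, path, status, ua):
    """Build one constructed combined-format log line at 10:00:SS on 30 May 2023."""
    return f'{ip} - - [30/May/2023:10:00:{secs:02d} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


SAMPLE_LOG = "\n".join(
    # six failed logins in 15 s from the data-center range, self-reported as Mobile Safari
    [_line("203.0.113.7", 3 * i, "POST", LOGIN_PATH, 401, UA_MOBILE_SAFARI) for i in range(6)]
    # a single page view from an outdated Chrome build
    + [_line("198.51.100.20", 20, "GET", "/products", 200, UA_OLD_CHROME)]
    # an ordinary visitor: one page view and one successful login
    + [_line("192.0.2.5", 25, "GET", "/", 200, UA_MOBILE_SAFARI),
       _line("192.0.2.5", 50, "POST", LOGIN_PATH, 200, UA_MOBILE_SAFARI)]
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_datacenter(ip_str):
    """True if the address falls inside one of the configured data-center ranges."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in DATACENTER_NETS)


def is_outdated_browser(ua):
    """Flag Internet Explorer and Chrome builds older than MIN_CHROME_MAJOR."""
    if "MSIE" in ua or "Trident/" in ua:
        return True
    m = CHROME_RE.search(ua)
    return bool(m) and int(m.group(1)) < MIN_CHROME_MAJOR


def analyse(log_text):
    """Return {ip: sorted flags} for every source that trips at least one heuristic."""
    flags = defaultdict(set)
    login_times = defaultdict(deque)  # sliding window of login attempts per source IP
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped rather than trusted
        ip = rec["ip"]
        if is_datacenter(ip):
            flags[ip].add("datacenter_source")
        if is_outdated_browser(rec["ua"]):
            flags[ip].add("outdated_browser")
        if rec["method"] == "POST" and rec["path"] == LOGIN_PATH:
            window = login_times[ip]
            window.append(rec["ts"])
            while rec["ts"] - window[0] > LOGIN_WINDOW:
                window.popleft()  # drop attempts that fell out of the window
            if len(window) >= MAX_LOGINS_PER_WINDOW:
                flags[ip].add("login_burst")
    return {ip: sorted(f) for ip, f in flags.items() if f}


if __name__ == "__main__":
    for ip, found in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

Run against the constructed sample, the script flags the data-center source for both its origin and its login burst, flags the old Chrome build, and leaves the ordinary visitor alone. Note that these signals only catch the simple end of the spectrum the report describes: an evasive bot that rotates IPs, spreads requests out in time and carries a current Mobile Safari user agent would pass all three checks, which is why the report pairs rule-based blocking with ongoing traffic monitoring rather than relying on either alone.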


Tags: Account Takeover, API Attacks, Bad Bots
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.