A recent report by Imperva, a leading cybersecurity company acquired by Thales, paints a concerning picture of the ever-growing threat posed by automated bots on the internet. The 2024 Imperva Bad Bot Report reveals that nearly half (49.6%) of all global internet traffic now originates from bots, a significant 2% increase compared to 2022. This represents the highest level of bot activity ever recorded by Imperva since they began monitoring automated traffic in 2013.
The report highlights a five-year upward trend in bad bot traffic, reaching a staggering 32% in 2023, up from 30.2% the previous year. This alarming rise comes at the expense of human user traffic, which has shrunk to just 50.4% in 2023. This translates into billions of dollars lost annually for businesses due to malicious attacks targeting websites, applications, and APIs.
The Imperva report delves deeper, categorizing the increase in bot-generated traffic into two key areas: automated and directly malicious activities. Nanhi Singh, General Manager of Application Security at Imperva, emphasizes the growing threat, stating, "Bots are one of the most pervasive and constantly evolving threats affecting every industry. From seemingly harmless web scraping to malicious account takeovers, spam, and denial-of-service attacks, bots have a significant negative impact on an organization's bottom line."
The report identifies several concerning trends, including a global average of bad bot traffic reaching 32%. Interestingly, some countries are experiencing a much higher concentration of such activity. Ireland leads the pack with a staggering 71% bad bot traffic, followed closely by Germany (67.5%) and Mexico (42.8%). Even the United States witnessed a significant rise, with bad bot traffic reaching 35.4% in 2023 compared to 32.1% the previous year.
Another concerning trend is the rise in Account Takeover (ATO) attacks. The report reveals a 10% increase in ATO attempts in 2023, with 44% of these attacks targeting API endpoints, the critical interfaces that allow applications to communicate with each other. Furthermore, 11% of all login attempts across the internet are linked to ATO attempts, with industries like Financial Services (36.8%), Travel (11.5%), and Business Services (8%) being the most targeted.
The report also raises a red flag regarding the growing influence of AI in bot activities. The rapid adoption of generative AI and large language models is fueling a surge in simple bots, with their volume rising from 33.4% in 2022 to 39.6% in 2023. This trend coincides with a significant increase in automated threats targeting APIs. The report reveals that a staggering 30% of all API attacks in 2023 were automated, with 17% specifically involving bad bots exploiting business logic vulnerabilities. These vulnerabilities allow bots to manipulate API functionalities and gain unauthorized access to sensitive data or user accounts.
The pervasiveness of bot traffic affects all industries, with the Gaming sector experiencing the highest proportion of bad bot traffic at a staggering 57.2%. Retail (24.4%), Travel (20.7%), and Financial Services (15.7%) also face a significant volume of bot attacks. Notably, advanced bad bots that mimic human behavior and evade traditional security measures are most commonly found on websites belonging to Law & Government, Entertainment, and Financial Services sectors.
Looking towards the future, Nanhi Singh emphasizes the need for organizations to adapt and evolve in this rapidly changing technological landscape. Singh concludes by stating, "As more AI-powered tools are introduced, bots will become even more ubiquitous. It's critical for organizations to invest in robust bot management and API security solutions to effectively mitigate the ever-growing threat posed by malicious, automated traffic."
By understanding the evolving landscape of bot activity and implementing effective countermeasures, businesses can protect themselves from financial losses, reputational damage, and data breaches. The 2024 Imperva Bad Bot Report serves as a wake-up call, urging organizations to prioritize bot detection and mitigation strategies as a cornerstone of their cybersecurity posture.