APIs are under attack by bad bots

According to Imperva, 47.4% (or 51.1%) of all internet traffic in 2023 will be bots. This represents a 5.1% rise over the previous year. The proportion of human traffic (52.6%) fell to its lowest level in eight years.

Businesses are at risk from malicious bot activity, which can lead to account compromise, data theft, and spam, higher costs for infrastructure and support, customer churn, and degraded services.

For the past decade, Imperva's annual report has given security and business leaders useful insights and practical guidance on the evolution of bot technology and automated traffic. Imperva documents these yearly trends to raise awareness of the risks associated with bot activity.

Karl Triebes is SVP and GM of Imperva's Application Security. He says that "Bots have evolved quickly since 2013, but the technology will continue to evolve at a greater, more alarming pace over the next decade."

Cybercriminals will focus more on sophisticated automation to attack API endpoints and business logic in applications. Triebes added that the financial and business impact of bad bots would increase in the future.

In 2022, 51.2% of bad bot traffic was attributed to "advanced bots". In 2021, advanced bots made up 25.9% of bad bot traffic. This is a worrying trend for businesses, because advanced bad bots use evasion techniques to avoid detection: they closely mimic human behavior by cycling through random IP addresses, entering through anonymous proxy servers, and changing their identities.

In addition, 15% of all logins in the last 12 months, across all industries and sectors, were classified as account takeover attempts. Cybercriminals use bad bots to carry out brute-force and credential-stuffing attacks, since automation can cycle through credentials quickly until one succeeds.

In 2022, bad bots that abuse business logic accounted for 17% of all API attacks. Business logic attacks exploit flaws in an API's design or implementation to manipulate legitimate functionality, with the aim of stealing sensitive data or gaining unauthorized access to accounts.

In 2022, 35% of account takeover attacks targeted APIs. When APIs are called programmatically, attackers can automate the process of trying to take over an account without triggering alarms.
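The credential-stuffing, IP-rotation and programmatic-API behaviors described above leave a recognizable pattern in login-API logs: many distinct usernames with a high failure rate from one source in a short window. The detector below is an added example (not code from Imperva or its report); the log format, the `fp` client-fingerprint field and the sample lines are constructed for illustration. It keys on the source IP and, separately, on the client fingerprint, so that a bot rotating through proxy IPs while keeping the same client identity is still caught.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login-API log lines (not real data).
# Fields: timestamp, source IP, username, result, client fingerprint (assumed field).
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 203.0.113.5 alice FAIL fp-9a1
2023-05-01T10:00:02Z 203.0.113.5 bob FAIL fp-9a1
2023-05-01T10:00:03Z 203.0.113.5 carol FAIL fp-9a1
2023-05-01T10:00:04Z 203.0.113.5 dave FAIL fp-9a1
2023-05-01T10:00:05Z 203.0.113.5 erin OK fp-9a1
2023-05-01T10:00:06Z 203.0.113.5 frank FAIL fp-9a1
2023-05-01T10:01:00Z 198.51.100.1 alice FAIL fp-bot7
2023-05-01T10:01:01Z 198.51.100.2 bob FAIL fp-bot7
2023-05-01T10:01:02Z 198.51.100.3 carol FAIL fp-bot7
2023-05-01T10:01:03Z 198.51.100.4 dave FAIL fp-bot7
2023-05-01T10:01:04Z 198.51.100.5 erin FAIL fp-bot7
2023-05-01T10:02:00Z 192.0.2.10 grace FAIL fp-c3d
2023-05-01T10:02:30Z 192.0.2.10 grace OK fp-c3d
"""

def parse_log(text):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result, fp = line.split()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "ip": ip, "user": user, "ok": result == "OK", "fp": fp})
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8):
    """Return {(key_type, key): stats} for sources whose attempts within `window`
    span >= min_users distinct usernames with a failure ratio >= min_fail_ratio.
    Grouping by fingerprint as well as IP catches IP-rotating bots."""
    findings = {}
    for key_name in ("ip", "fp"):
        by_key = defaultdict(list)
        for e in events:
            by_key[e[key_name]].append(e)
        for key, evs in by_key.items():
            evs.sort(key=lambda e: e["ts"])
            start = 0
            for end in range(len(evs)):          # sliding time window over sorted events
                while evs[end]["ts"] - evs[start]["ts"] > window:
                    start += 1
                win = evs[start:end + 1]
                users = {e["user"] for e in win}
                fails = sum(1 for e in win if not e["ok"])
                if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                    findings[(key_name, key)] = {"distinct_users": len(users),
                                                 "attempts": len(win), "failures": fails}
                    break
    return findings
```

In the sample, 203.0.113.5 is flagged by IP, the rotating 198.51.100.x bot is flagged only through its shared fingerprint fp-bot7, and grace's two attempts from 192.0.2.10 are not flagged.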

Healthcare and Law & Government also saw a significant increase in bad bot attacks in 2022. The highest proportions of bad bot traffic were seen in the gaming (58.7%) and telecommunications (47.7%) industries. Bots are a growing issue for all industries.

Seven of the 13 countries included in the report had bot traffic levels exceeding the global average (30.2%). Germany (68.6%), Ireland (45.1%), and Singapore (43.1%) were the top three countries. The US was also above the average with 32.1%.

In 2022, one-fifth of bad bots used Mobile Safari as their browser of choice, up from 16.1% in 2021. Newer browsers ship privacy settings that also mask bad bot behavior, which makes it harder for organizations to detect and stop automated traffic.

"Bot traffic is increasing year-over-year and the disruptions that are caused by malicious automation result in tangible business risks. These risks range from brand reputation issues to reduced online sales, and security risks associated with web applications, mobile applications, and APIs. Businesses must act now and invest in bot management and online preventative measures that can identify and stop sophisticated automated attacks that target APIs and application logic," Triebes concluded.

