Akamai report: 42% of web traffic driven by bots, 65% malicious

New research from Akamai reveals that 42% of overall web traffic is driven by bots, with a significant 65% of these bots identified as malicious. The report, titled "Scraping Away Your Bottom Line: How Web Scrapers Impact Ecommerce," highlights the adverse effects of these bots on the eCommerce sector.

The report underscores various ways in which malicious bots, specifically scrapers, are being employed. These include competitive intelligence and espionage, inventory hoarding, and the creation of impostor sites. These activities negatively affect companies' financial performance and deteriorate customer experience.

One of the key findings is that bots are facilitating account abuse by scraping data necessary to open new fraudulent accounts, which account for up to 50% of fraud losses. In addition, scrapers enable more sophisticated phishing operations. They can obtain product images, descriptions, and pricing information to create counterfeit storefronts designed to steal personal credentials and credit card details.

The rise of artificial intelligence (AI) has made it increasingly difficult to detect these bots. The proliferation of AI botnets allows bad actors to scrape unstructured data in inconsistent formats and locations that were previously challenging to access. Akamai notes that no laws currently prohibit the use of scraper bots, making the challenge even more complicated.

Patrick Sullivan, CTO, Security Strategy at Akamai, said, “Bots continue to present massive challenges resulting in multiple pain points for app and API owners. This includes scraping that can steal web data and produce brand impersonation sites. The scraper landscape is also changing due to advancements like headless browser technology, requiring organisations to take an approach to managing this type of bot activity that is more sophisticated than other JavaScript-based mitigations.”

Beyond account abuse, another concerning outcome highlighted is the generation of more sophisticated phishing campaigns facilitated by scraper bots. These bots are capable of capturing and utilising business intelligence to enhance decision-making processes, making the phishing schemes even more convincing and effective.

Furthermore, organisations experiencing scraping – whether malicious or ostensibly beneficial – encounter a range of technical issues. These issues include website performance degradation, site metric pollution, attacks from compromised credentials, and increased computational costs due to heightened server loads.

The report provides insights into various mitigation strategies against scraper bots. Notably, it presents a case study showing that websites perform much more efficiently once robust defences against these bots are implemented. Compliance considerations in the face of increasing attacks are also addressed, underlining the importance of a proactive approach.

The findings from this report come on the 10th anniversary of Akamai’s State of the Internet (SOTI) reports. The SOTI series aims to deliver expert insights into the evolving cybersecurity and web performance landscapes, drawing from data gathered from the Akamai Connected Cloud.