SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Half of online traffic in 2024 generated by bots, report finds

Thu, 18th Apr 2024

According to the 2024 Imperva Bad Bot Report by Thales, a cybersecurity leader, nearly half (49.6%) of all global internet traffic was generated by bots, marking a 2% increase compared to 2022. This is the highest level of bot activity that Imperva has reported since it started monitoring automated traffic in 2013.

For five uninterrupted years, the percentage of web traffic associated with bad bots has been growing, increasing to 32% in 2023 from 30.2% in 2022. The report also highlighted that human user traffic decreased to 50.4% in 2023. This rising automated traffic trend is costing businesses billions of dollars annually due to attacks on websites, APIs, and applications. The increase in bot-generated traffic comprised both automated and direct malicious engagements.

Nanhi Singh, General Manager, Application Security at Imperva, a Thales company, elaborated on the growing threat. He said, "Bots are one of the most pervasive and growing threats facing every industry. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organization's bottom line."

Several key trends were identified in the report. For instance, the global average of bad bot traffic reached 32%, with Ireland (71%), Germany (67.5%), and Mexico (42.8%) seeing the highest levels of bad bot traffic. The US also witnessed a higher ratio of bad bot traffic at 35.4% compared to 32.1% in 2022. Account takeover (ATO) attacks also saw an increase of 10% in 2023, with 44% of all these attacks targeting API endpoints. Among all login attempts on the internet, 11% were associated with account takeover, impacting industries like Financial Services (36.8%), Travel (11.5%), and Business Services (8%).

The report also warned about the rise in AI-related bot activities. It found that the rapid adoption of generative AI and large language models resulted in the volume of simple bots growing to 39.6% in 2023 from 33.4% in 2022. Simultaneously, automated threats caused a significant 30% of API attacks in 2023. Also, 17% of these were bad bots exploiting business logic vulnerabilities, which allows these bots to manipulate API functionalities and access sensitive data or user accounts.

The prevalence of bot traffic was observed across all sectors, with Gaming (57.2%) witnessing the most significant proportion of bad bot traffic. Simultaneously, Retail (24.4%), Travel (20.7%), and Financial Services (15.7%) experienced the highest volume of bot attacks. Advanced bad bots that mimic human behaviour and evade defences were most common on Law & Government, Entertainment, and Financial Services websites.

Nanhi Singh stressed the need for organisations to evolve in this new hi-tech landscape, concluding that, "As more AI-enabled tools are introduced, bots will become omnipresent. Organizations must invest in bot management and API security tools to manage the threat from malicious, automated traffic."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X