Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security
May 20, 2022

Record level of bad bot traffic contributing to rise of online fraud

Bad bots, software applications that run automated tasks with malicious intent, accounted for a record-setting 27.7% of all global website traffic in 2021, up from 25.6% in 2020, an Imperva report reveals. The three most common bot attacks were account takeover (ATO), content or price scraping, and scalping to obtain limited-availability items.


Bad bots are often the first indicator of online fraud and represent a risk to digital businesses, as well as their customers. In 2021, evasive bad bots — a grouping of moderate and advanced bad bots that elude standard security defenses — made up 65.6% of all bad bot traffic. This breed of bot uses the latest evasion techniques, including cycling through random IPs, entering through anonymous proxies, changing identities, and mimicking human behavior to evade detection.

Bad bots enable high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Successful attacks can lead to the theft of personal information, credit card data, and loyalty points. For organizations, automated abuse and online fraud contribute to non-compliance with data privacy and transaction regulations. Bad bot traffic is rising at a time when organizations are investing in improving customer experiences online. That investment has resulted in more digital services, new online functionality, and the development of expansive API ecosystems. Unfortunately, this array of new endpoints is a ripe target for automated attacks by bad bot operators.

“Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, and degraded online services,” says Ryan Windham, VP, Application Security, Imperva. “With automated fraud growing in intensity and complexity, advanced bot protection is essential for preventing the growing threat digital businesses and consumers face from bad bots.”

Key findings

  • Account takeover increased 148% in 2021: In 2021, 64.1% of ATO attacks used an advanced bad bot. Financial Services was the most targeted industry (34.6%), followed by Travel (23.2%). The United States was the leading origin country of ATO attacks (54%) in 2021. The implications of account takeover are extensive; successful attacks lock customers out of their accounts, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.
  • Travel, retail, and financial services targeted by bad bots: The volume of attacks originating from sophisticated bad bots was most notable across Travel (34.2%), Retail (33.8%), and Financial Services (8.8%) in 2021. These industries remain a prime target because of the valuable personal data they store behind user login portals on their websites and mobile apps.
  • Proportion of bad bot traffic varies by country: In 2021, Germany (39.6%), Singapore (39.1%), and Canada (30.2%) experienced the highest volumes of bad bot traffic, while the United States (29.1%) and United Kingdom (29.7%) were also higher than the global average (27.7%) of bad bot traffic.
  • 35.6% of bad bots hide as mobile web browsers: Mobile user agents were a popular disguise for bad bot traffic in 2021, accounting for more than one-third of all internet traffic, increasing from 28.1% in 2020. Mobile Safari was a popular agent in 2021 because bots exploited the browser’s improved user privacy settings to mask their behavior, making them harder to detect.

The research concludes that no industry was immune to bad bot activity in 2021. While examples of bots hoarding popular gaming consoles or clogging vaccine appointment scheduling sites made headlines in 2021, any level of bot traffic on a website can cause significant downtime, degrade performance, and reduce service reliability.



