Cybercriminals use proxies to legitimize fraudulent requests
Bot attacks were previously seen as a relatively inconsequential type of online fraud, and that mentality has persisted even as threat actors have gained the ability to cause significant damage to revenue and brand reputation, according to HUMAN.
Bad bot traffic
Bad bot traffic overall increased even as people spent less time online. Legitimate human traffic dropped 28% YoY, but bad bot traffic increased 102% YoY — meaning that the percentage of bad bots out of overall traffic has increased even faster.
Automated attacks continued to grow. Web applications experienced a YoY increase in three common types of bot attacks. Carding attacks rose 134% YoY, account takeover attacks rose 108% YoY, and scraping rose 107% YoY.
Certain industries experienced more bot attacks than others. Bad bots accounted for 57% of traffic to online businesses in the Media and Streaming industry. Just under 50% of traffic to companies in the Travel and Hospitality industry (49%) and the Ticketing and Entertainment industry (46%) was automated.
Bad actors strike during top shopping periods
Bad actors conducted more bot attacks during top shopping periods. The holiday shopping season drew more automated attacks than the rest of the year; the peak day (October 25) saw 199% more bad bot traffic than the yearly average.
Enterprise attackers prefer to hide behind desktop devices: 26% of malicious requests appeared to come from mobile devices, compared to 61% of legitimate requests.
Attackers use anonymizing proxy servers to make their requests look like normal human traffic: more than 68% of worldwide malicious traffic came from U.S. proxy servers. That number drops to 47% when looking only at traffic to non-U.S. applications, and grows to 75% for traffic to U.S. applications only.
Malicious bot attacks on the rise
“It’s clear that bots are a pervasive threat,” said HUMAN CISO Gavin Reid. “It is extremely easy for bad actors to conduct malicious bot attacks and fraud with minimal effort or risk.”
The report emphasizes why it is critical for companies to understand the full scope of the bot problem for their own organizations and customers. As cybercriminals continue to evolve and adapt, businesses must remain vigilant by taking proactive measures to protect their digital assets.
Achieving this requires a comprehensive and collaborative approach leveraging the principles of modern defense and collective protection to tip the scales and win against attackers.