According to the annual report Imperva Bad Bot Thales company, in 2023, almost half (49.6%) of the total Internet traffic was attributed to bot activity. This is a 2% increase from the previous year and marks the highest rate since 2013.
The report reveals that the traffic generated by malicious bots has surged to 32% of the total, while the proportion of genuine users continues to decline. This trend poses a significant threat to organizations globally, costing billions of dollars annually due to attacks on websites, APIs, and various applications.
The most prevalent type of harmful bots identified are specialized programs designed to carry out specific tasks with malicious intent, such as aiding in cybercrime, theft, or fraudulent schemes. Particularly elevated levels of their activity were observed in Ireland, Germany, and Mexico, with only minimal growth in the United States.
Advancements in technology, including generative artificial intelligence, have contributed to a rise in the number of simplistic bots – accounting for 39% of total bot traffic in 2023, up from 33% in 2022. These algorithms are becoming increasingly sophisticated over time.
In 2023, 44% of malicious bot traffic was generated by programs masquerading as mobile users. These tools typically utilize resident and mobile proxies to mask their origins and evade detection.
The report also highlights the proliferation of more sophisticated bots capable of mimicking human behavior and circumventing security measures. These bots predominantly target sectors such as law, public administration, entertainment, and financial services.
Furthermore, there has been a notable increase in Account Takeover (ATO) attacks, rising by 10%. Almost half of these incidents were directed at API interfaces, with financial, travel, and business companies often falling victim.
“Automated bots are on track to surpass human internet traffic share, necessitating a fundamental shift in organizations’ approach to constructing and safeguarding their web assets,” cautioned Nanhi Singh, Application General Manager at IMPERVA.
To combat the escalating threat, organizations are urged to enhance vigilance and implement robust protective measures, particularly against API abuse-related attacks that can compromise account and data security.