According to the 2022 Imperva Bad Bot Report, bots accounted for almost 28% of global web traffic in 2021. The Imperva Threat Research team estimates that 27.7% of online traffic is bad bots. These bad bots are now more advanced and evasive than ever, mimicking human behavior in ways that make them harder to detect and prevent. Excerpts:
Bad bots are software applications that run automated tasks with malicious intent. They scrape data from sites without permission to reuse it and gain a competitive edge (e.g. pricing, inventory levels, proprietary content). They are used for scalping, the act of obtaining limited availability items to resell at a higher price. They can be used to create distributed denial of service (DDoS) attacks targeted at the network or the application. The truly nefarious ones undertake criminal activities, such as fraud and outright theft. Credential Stuffing to perform Account Takeover is a prominent tactic of bad bots.
Bad bot traffic continues to grow and hits record levels
- Bad bot traffic accounted for a record-setting 27.7% of all global website traffic in 2021
- Bot traffic accounted for 42.3% of all internet traffic in 2021
- The top three most common bot attacks in 2021:
- Account Takeover
- Scraping
- Scalping
In 2021, Evasive Bad Bots accounted for the majority of bad bot traffic (65.6%). This breed of bot is a grouping of both moderate and advanced bad bots that can evade common defenses. They use the latest evasion techniques, including cycling through random IPs, entering through anonymous proxies, changing their identities, mimicking human behavior, delaying requests, and more.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.