Advanced Bad Bots Now Account For 51% Of All Malicious Traffic: Imperva

The new 2023 Imperva report describes how bad bot traffic has increased to over 30% of all Internet traffic since they first measured it at 13% back in 2013. 

ATO attacks: Account takeover attacks (ATO) traced to malicious bots growing by 155% last year, driving up credential stuffing and brute force attacks. The report states that fully 15% of all login attempts were classified as ATO.

API attacks: The report also noted that 17% of all attacks on APIs last year came from malicious bots abusing business logic and 21% of the attacks or other types of automated threats.

“A business logic attack is an attack that targets flaws in the design and implementation of an application. Such flaws can be exploited by attackers to manipulate legitimate functionality and achieve various types of malicious goals such as stealing sensitive data and gaining illegal access to user accounts.”

The US saw over 32% of all malicious bot attacks, while Germany and Ireland absorbed 60% of all the attacks.

Largest Share of Advanced Bad Bot Traffic By Industry in 2022 

  • Law & Government 89.0%
  • Travel 63.4%
  • Telecom & ISPs 60.5%
  • Retail 51.9%
  • Financial Services 45.8%

Carol Volk, EVP, BullWall (she/her)

   “According to the 2023 Imperva bad bot report, advanced bad bots now constitute more than half of all malicious traffic, with the bad bot traffic rising to over 30% of all internet traffic since 2013, much of which can be attributed to increasing use of AI. The surge in AI assisted cyberattacks is just beginning. 

   “Sophisticated ransomware attacks have increased by an alarming rate as cybercriminals are using AI to make their attacks even more potent. According to cybersecurity experts, ransomware attacks have become more sophisticated, automated, and targeted, thanks to the use of AI. With these attacks becoming more effective, the cost of remediation and recovery is increasing, leading to financial and reputational damages.”

Mark Bermingham, VP, Cyware:

   “This trend is alarming, but also unsurprising. Attackers will continue to pursue any viable path of exploitation. The sad truth is a lot of this is identified by threat intel. Aligning threat intel insights, both trending and historical, with actions based on these insights would provide defenders with capability that would limit the effectiveness and/or longevity of an attack. The tools exist, the data exists. Aligning these two information assets with action, some of which can be driven by automation, presents an attractive path forward for defenders.”

What this report shows is that care and attention needs to be taken to make sure weaknesses in applications and networks are not only addressed, but defenders have all the tools that they need to make sure that the bad guys don’t get in. Without both of those things, this problem will only get worse.

Leave a Reply

%d bloggers like this: