30.2% of Internet Traffic in Australia associated with Bad Bots in 2023

• For the fifth consecutive year, Imperva, a Thales company, released the 2024 Imperva Bad Bot report that register the highest level of bad bots since the first monitoring in 2013.
• Australia remained in the top three countries targeted by bad bots, representing 8.4% of all bot attacks globally.
• Bad bots are used for malicious purposes to automate attacks like denial-of-service (DDoS), ticket scalping or sabotage gaming sites. ​

Imperva, a Thales company, that protects critical applications, Application Programing Interfaces (APIs), and data, recently announced the release of the 2024 Imperva Bad Bot Report, a global analysis of automated bot traffic across the internet.

Bots are software applications that perform automated tasks over the internet. They can be marked either as a good or a bad bot. Good bots are used for productive purposes like gathering data for search engines, chatbots for customer service or commercial purposes like finding deals. Bad bots however, are used for malicious purposes to automate attacks like denial-of-service (DDoS), ticket scalping or sabotage gaming sites.

The report found that nearly half of all internet traffic came from bots in 2023 - the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of web traffic associated with bad bots rose, reaching 32% globally in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%.

Australia remained in the top three countries targeted by bad bots, representing 8.4% of all bot attacks globally; ranking third behind the USA and the Netherlands. In Australia, bots (good and bad) now make up 36.4% of Australia's internet traffic, underscoring that businesses across the nation still face a threat from malicious and automated traffic. Australia's bad bot traffic grew to 30.2%, an increase of 23.2% year-on-year (YoY)

Reinhart Hansen, Director of Technology, Asia Pacific and Japan, at Imperva, ,a Thales company, stressed the criticality of taking proactive steps against bad bots as they grow in sophistication. "With attackers increasingly exploiting API vulnerabilities and lapses in business logic guardrails, a proactive stance is essential to prevent data breaches, account takeovers, and large-scale data theft. From simple web scraping to malicious account takeover, spam, and denial of service, bots negatively impact an organisation's bottom line by degrading online services and forcing more investment in infrastructure and customer support. Organisations in Australia must proactively confront the menace of bad bots as attackers sharpen their focus on API-related abuses that can lead to compromised accounts and data exfiltration," he added.

Key trends identified in the 2024 Imperva Bad Bot Report include:
​

• Global average of bad bot traffic grew to 32%: Ireland (71%), Germany (67.5%), and Mexico (42.8%), saw the highest levels of bad bot traffic in 2023. In APAC, Singapore notably experienced a high level of bad bot traffic, accounting for 35.2%, surpassing the global average. In contrast, Japan recorded the lowest level of bad bot traffic at 17.7%.
• Growing use of generative AI connected to the rise in simple bots: Generative AI and large language models (LLMs) technology use web scraping bots and automated crawlers to feed training models, while enabling nontechnical users to write automated scripts for their own use. The rapid adoption of generative AI resulted in the volume of simple bots increasing to 39.6% in 2023, up from 33.4% in 2022. Australia in particular, has a high volume of simple bots (70.6%) - 31% higher than the global average. The industries in Australia with the highest proportion of simple bot traffic are Business (88%), Retail (87%), and Lifestyle (82%).
• The gaming industry continues to experience the highest levels of bad bot traffic:

Globally, for the second year in a row, gaming (57.2%) experienced the highest proportion of bad bot traffic. This trend mirrors the situation in Australia, where bad bots made up 75.19% of all traffic in the gaming industry. The other two industries which experiences the highest proportion of bad bot traffic are Sports (63.38%), and Healthcare (61.23%).

• Account takeover is a persistent business risk: Account takeover (ATO) attacks increased 10% in 2023, compared to the same period in the prior year. Notably, 44% of all ATO attacks targeted API endpoints, compared to 35% in 2022. Of all login attempts across the internet, 11% were associated with account takeover. The industries that saw the highest volume of ATO attacks in 2023 were Financial Services (36.8%), Travel (11.5%), and Business Services (8%).
• APIs are a popular vector for attack: Automated threats caused a significant proportion (30%) of API attacks in 2023 globally. Among them, 17% were bad bots exploiting business logic vulnerabilities-a flaw within the API's design and implementation that allows attackers to manipulate legitimate functionality and gain access to sensitive data or user accounts. Cybercriminals use automated bots to find and exploit APIs, which act as a direct pathway to sensitive data, making them a prime target for business logic abuse.
• Bad bot traffic originating from residential ISPs grew to 25.8%: Early bad bot evasion techniques relied on masquerading as a user agent (browser) commonly used by legitimate human users. Sophisticated actors combine mobile user agents with the use of residential or mobile ISPs. Residential proxies allow bot operators to evade detection by making it appear as if the origin of the traffic is a legitimate, ISP-assigned residential IP address. Bad bots masquerading as mobile user agents accounted for 44.8% of all bad bot traffic in the past year, up from 28.1% just five years ago.

Additional Information:

• See how Imperva Advanced Bot Protection, API Security, and Client-Side Protection can protect websites, mobile applications, and APIs from automated attacks and fraud without affecting the flow of business-critical traffic.
• Read the Imperva Blog for the latest product and solution news, and threat intelligence from Imperva Threat Research.

"Organisations face substantial financial losses every year due to automated traffic, a concern that cuts across all industries," notes George Lee, Senior Vice President for Asia Pacific and Japan at Imperva. " Automated bots are on track to outnumber human-generated internet traffic, and with the proliferation of AI-powered tools, their presence is becoming increasingly pervasive. It's imperative for enterprises to prioritise investment in bot management and API security solutions to effectively combat the threat posed by malicious automated traffic."

Public link

Please use the above public link if you want to share this noodl on another website.