According to Imperva Inc’s anonymized ecosystem data, the following trends were found:

• In early 2022, as the war in Ukraine began, a 145% spike in automated attacks targeting Ukrainian web applications was observed attempting to disrupt the financial, telecom, and energy sectors.
• Two massive Account Takeover attacks meant to compromise Ukrainian users’ accounts were also noted in the firm’s data.
• There was a significant increase in the number of bad bots choosing Mobile Safari as their preferred disguise because of the additional privacy settings provided by this browser, which sends fewer attributes to the origin. Some browser automation tools, like Puppeteer, can inadvertently support these types of attacks by adding script browser overrides that further assist attackers in mimicking iOS as much as possible.
• Throughout the year, bad bots employed a wide variety of evasion methods, including frequently cycling through IP addresses, hiding behind anonymous proxies and peer-to-peer networks, changing their user agents, and manipulating their login parameters and cookies to make it appear as if the requests were being made from different browsers, besides many more tactics.
• Today’s most sophisticated bad bots can even evade or solve CAPTCHA challenges through integrations with various tools and platforms.
• BLAs made up 25% of all attacks on Singaporean retail sites protected by the firm — up from 10% during the same period in the prior year. This was below the global average (37%), although the volume of BLAs on the firm’s Singaporean retail clients had increased 62% year-on-year.
• 17% of all attacks on APIs in the firm’s 2022 data came from bad bots abusing business logic. As attack patterns do not exist to monitor for these exploitations, it is not possible to apply a generic rule and assume all application and API deployments are secure.
• Built on a vast network of API connections and third-party dependencies, online retailers are increasingly vulnerable to BLAs.